Security
Built read-only on purpose.
MarketClaims is research - not custody, not execution, not connectivity to your exchange. The smallest possible attack surface is the whole point.
No wallets, no funds
There is nothing to drain.
MarketClaims holds no funds and connects to no wallets, exchanges, or trading APIs. If your account were compromised, an attacker would gain access to your research history - nothing more.
Authentication
Sign-in is delegated to Clerk.
Passwords and session tokens are managed by Clerk (SOC 2 Type II). We never see your password.
Data
What we store, and why.
Account identifier, research history, and credit balance. No KYC documents, no financial-account numbers, no on-chain addresses. Source material is fetched from public news outlets and the public APIs of Polymarket and Kalshi.
Infrastructure
AWS us-east-1, isolated per environment.
ECS Fargate behind CloudFront. Database credentials are RDS-managed with automatic rotation. Production secrets are not accessible to engineers in day-to-day work; access is logged.
Reporting
Found a vulnerability?
Email security@market-claims.com with a description and reproduction steps. We acknowledge within two business days.