// Trust & Security Report

    AlphaSense, Inc. logo

    AlphaSense, Inc.

    Market intelligence and AI-powered research platform for financial services. Sub-products: AlphaSense Platform (financial document search), Tegus Expert Insights (expert call transcripts and broker research), Enterprise Intelligence (private cloud deployment), Generative Search / Deep Research (AI-synthesized research reports).

    Certifications held

    4

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    aligned with our SOC 2 Type 2 attestation and ISO/IEC 27001:2022 certification requirements ... AlphaSense maintains documented disaster recovery and business continuity plans that are tested regularly.

    Verify on alpha-sense.com
    ISO/IEC 27001:2022
    HELD

    aligned with our SOC 2 Type 2 attestation and ISO/IEC 27001:2022 certification requirements

    Verify on alpha-sense.com
    FIPS 140-2
    HELD

    FIPS 140-2 standard compliance for data encryption at rest and in transit.

    Verify on developer.alpha-sense.com
    GDPR (compliance posture)
    HELD

    GDPR-compliant Data Processing Addendum (DPA) ... Standard Contractual Clauses for international transfers ... EU data residency option (eu-central-1 Frankfurt).

    Verify on alpha-sense.com
    > Show 7 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No HIPAA Business Associate Agreement documented. A help article mentions audit logs support compliance with SOC 2, ISO 27001, and HIPAA, but no formal HIPAA BAA is offered or documented. The DPA (publicly accessible PDF) covers GDPR, CCPA, and Swiss FADP but omits HIPAA.

    source: cdn.sanity.io
    ISO/IEC 42001 (AI Management System)
    NOT CONFIRMED

    ISO/IEC 42001 certification is being sought as part of AlphaSense's AI governance program but is not yet achieved.

    source: alpha-sense.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification or scope on vendor-domain pages.

    source: alpha-sense.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization on vendor-domain pages or trust center.

    source: trust.alpha-sense.com
    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR registration or certification on vendor-domain pages.

    source: trust.alpha-sense.com
    ISO/IEC 27017 (Cloud Security)
    NOT CONFIRMED

    No public evidence of ISO 27017 certification on vendor-domain pages.

    source: alpha-sense.com
    ISO/IEC 27018 (Cloud Privacy)
    NOT CONFIRMED

    No public evidence of ISO 27018 certification on vendor-domain pages.

    source: alpha-sense.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    US default: AWS us-east-1 (Northern Virginia) and us-west-1 (Northern California). EU option: AWS eu-central-1 (Frankfurt) available for Enterprise Intelligence customers requiring GDPR data sovereignty.

    Explicitly stated: 'LLM models are never trained on customer uploaded data.' Zero data retention contracts enforced with all LLM partners (Anthropic, OpenAI, Google Gemini) accessed via AWS Bedrock private links. Queries are aggregated and anonymized; prompts are never stored in LLMs. Account-level opt-out available for organisations with governance requirements. Note: the privacy policy's AI training restriction is stated narrowly for Google Workspace APIs specifically ('No Google Workspace APIs are used to develop, improve, or train generalized AI and/or ML models on any customer data or inputs'), while the security page and GenAI security page make the broader claim. The broader claim is backed by dedicated GenAI security documentation.

    // Security controls

    Encryption in transit

    TLS 1.2 or higher; HTTPS for all end-user communication; mTLS for Enterprise Intelligence internal connections.

    alpha-sense.com

    Encryption at rest

    AES-256. Customer content stored in dedicated, encrypted S3 buckets with no data co-mingling.

    alpha-sense.com

    Key management

    Bring Your Own Key (BYOK) and Customer-Managed Encryption Keys (CMEK) available. Bring Your Own Bucket (BYOB) supported for full encryption key control.

    alpha-sense.com

    Infrastructure

    Amazon Web Services (AWS). Private cloud deployment on AWS or GCP available for Enterprise Intelligence. Virtual Private Clouds with internet access disabled; single HTTPS ingress only.

    developer.alpha-sense.com

    Monitoring

    24/7 system monitoring with anomaly detection logging. Third-party penetration testing performed regularly.

    alpha-sense.com

    Authentication

    Multi-factor authentication (MFA) enforced. SAML 2.0 SSO support. Identity Access Management (IAM) tooling.

    developer.alpha-sense.com

    Tenant isolation

    Logical separation during processing and indexing prevents cross-customer data access. Dedicated encrypted storage per customer.

    alpha-sense.com

    Backup

    Daily encrypted backups with restricted access for data restoration.

    alpha-sense.com

    External security ratings

    SecurityScorecard: A grade. CryptCheck: A+ rating. Qualys SSL Labs: A+ rating.

    trust.alpha-sense.com

    Vulnerability disclosure

    Public Vulnerability Disclosure Policy available at alpha-sense.com/legal-and-compliance/.

    alpha-sense.com

    // Products & data scope

    AlphaSense PlatformMarket intelligence / financial research

    data: 500M+ premium financial and business documents including company filings, broker research, Tegus expert transcripts, private and public financial data. Users may upload internal documents.

    Cloud-hosted on AWS. Data not used to train LLMs. SOC 2 Type 2 and ISO 27001 apply. Data residency: US default.

    Enterprise Intelligence (Private Cloud)Enterprise search / private document AI

    data: Customer's internal content (documents, data) processed within the customer's own cloud environment (AWS or GCP). Internal content never leaves the customer network.

    Deployable within customer cloud infrastructure. EU data residency available (Frankfurt). BYOK, BYOB, FIPS 140-2, SAML 2.0, and complete network isolation. Highest data sovereignty option.

    Tegus Expert InsightsExpert call transcripts / primary research

    data: Expert interview transcripts and broker research sourced from Tegus network. No customer PII in content corpus.

    Content licensed from Tegus (acquired by AlphaSense). Access controlled by entitlements.

    Generative Search / Deep ResearchAI-powered research synthesis

    data: Runs on AlphaSense curated content and customer-uploaded internal content. Uses LLMs (Anthropic, OpenAI, Google Gemini) via AWS Bedrock private endpoints.

    Zero data retention with all LLM partners. No customer data used for LLM training. Outputs include sentence-level citations. Account-level AI opt-out available.

    // What to watch

    • ISO 42001 in-progress: AlphaSense states it is 'seeking' ISO/IEC 42001 AI management certification. If marketing materials imply it is already held, that would be an over-claim. Monitor for certification announcement.
    • HIPAA ambiguity: A help center article states 'Audit Logs support compliance with SOC 2, ISO 27001, and HIPAA', but no HIPAA BAA is documented in the public DPA or security pages. This informal mention could mislead healthcare buyers who require a formal BAA. Grade held=false pending explicit BAA documentation.
    • AI training claim scope: The privacy policy's AI training restriction is narrowly worded for 'Google Workspace APIs' only, while the security/GenAI security pages make a broader blanket claim. The dedicated GenAI security page backs the broader claim with contractual and technical controls, but the narrow privacy policy language creates a minor inconsistency reviewers should note.
    • Trust center requires NDA for full reports: 'Reports and certifications are available through the AlphaSense Trust Center, subject to NDA where applicable.' SOC 2 Type 2 report is not publicly downloadable.

    // At a glance

    Pricing model

    Enterprise subscription (annual). Free trial available via 'Get Started for Free'.

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on AlphaSense, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.alpha-sense.com

    > Browse all vendor trust reports