// Trust & Security Report
AlphaSense, Inc.
Market intelligence and AI-powered research platform for financial services. Sub-products: AlphaSense Platform (financial document search), Tegus Expert Insights (expert call transcripts and broker research), Enterprise Intelligence (private cloud deployment), Generative Search / Deep Research (AI-synthesized research reports).
Certifications held
4
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on alpha-sense.com“aligned with our SOC 2 Type 2 attestation and ISO/IEC 27001:2022 certification requirements ... AlphaSense maintains documented disaster recovery and business continuity plans that are tested regularly.”
Verify on alpha-sense.com“aligned with our SOC 2 Type 2 attestation and ISO/IEC 27001:2022 certification requirements”
Verify on developer.alpha-sense.com“FIPS 140-2 standard compliance for data encryption at rest and in transit.”
Verify on alpha-sense.com“GDPR-compliant Data Processing Addendum (DPA) ... Standard Contractual Clauses for international transfers ... EU data residency option (eu-central-1 Frankfurt).”
> Show 7 unconfirmed / not-held certifications
source: cdn.sanity.ioNo HIPAA Business Associate Agreement documented. A help article mentions audit logs support compliance with SOC 2, ISO 27001, and HIPAA, but no formal HIPAA BAA is offered or documented. The DPA (publicly accessible PDF) covers GDPR, CCPA, and Swiss FADP but omits HIPAA.
source: alpha-sense.comISO/IEC 42001 certification is being sought as part of AlphaSense's AI governance program but is not yet achieved.
source: alpha-sense.comNo public evidence of PCI DSS certification or scope on vendor-domain pages.
source: trust.alpha-sense.comNo public evidence of FedRAMP authorization on vendor-domain pages or trust center.
source: trust.alpha-sense.comNo public evidence of CSA STAR registration or certification on vendor-domain pages.
source: alpha-sense.comNo public evidence of ISO 27017 certification on vendor-domain pages.
source: alpha-sense.comNo public evidence of ISO 27018 certification on vendor-domain pages.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
US default: AWS us-east-1 (Northern Virginia) and us-west-1 (Northern California). EU option: AWS eu-central-1 (Frankfurt) available for Enterprise Intelligence customers requiring GDPR data sovereignty.
Explicitly stated: 'LLM models are never trained on customer uploaded data.' Zero data retention contracts enforced with all LLM partners (Anthropic, OpenAI, Google Gemini) accessed via AWS Bedrock private links. Queries are aggregated and anonymized; prompts are never stored in LLMs. Account-level opt-out available for organisations with governance requirements. Note: the privacy policy's AI training restriction is stated narrowly for Google Workspace APIs specifically ('No Google Workspace APIs are used to develop, improve, or train generalized AI and/or ML models on any customer data or inputs'), while the security page and GenAI security page make the broader claim. The broader claim is backed by dedicated GenAI security documentation.
// Security controls
Encryption in transit
TLS 1.2 or higher; HTTPS for all end-user communication; mTLS for Enterprise Intelligence internal connections.
alpha-sense.comEncryption at rest
AES-256. Customer content stored in dedicated, encrypted S3 buckets with no data co-mingling.
alpha-sense.comKey management
Bring Your Own Key (BYOK) and Customer-Managed Encryption Keys (CMEK) available. Bring Your Own Bucket (BYOB) supported for full encryption key control.
alpha-sense.comInfrastructure
Amazon Web Services (AWS). Private cloud deployment on AWS or GCP available for Enterprise Intelligence. Virtual Private Clouds with internet access disabled; single HTTPS ingress only.
developer.alpha-sense.comMonitoring
24/7 system monitoring with anomaly detection logging. Third-party penetration testing performed regularly.
alpha-sense.comAuthentication
Multi-factor authentication (MFA) enforced. SAML 2.0 SSO support. Identity Access Management (IAM) tooling.
developer.alpha-sense.comTenant isolation
Logical separation during processing and indexing prevents cross-customer data access. Dedicated encrypted storage per customer.
alpha-sense.comExternal security ratings
SecurityScorecard: A grade. CryptCheck: A+ rating. Qualys SSL Labs: A+ rating.
trust.alpha-sense.comVulnerability disclosure
Public Vulnerability Disclosure Policy available at alpha-sense.com/legal-and-compliance/.
alpha-sense.com// Products & data scope
data: 500M+ premium financial and business documents including company filings, broker research, Tegus expert transcripts, private and public financial data. Users may upload internal documents.
Cloud-hosted on AWS. Data not used to train LLMs. SOC 2 Type 2 and ISO 27001 apply. Data residency: US default.
data: Customer's internal content (documents, data) processed within the customer's own cloud environment (AWS or GCP). Internal content never leaves the customer network.
Deployable within customer cloud infrastructure. EU data residency available (Frankfurt). BYOK, BYOB, FIPS 140-2, SAML 2.0, and complete network isolation. Highest data sovereignty option.
data: Expert interview transcripts and broker research sourced from Tegus network. No customer PII in content corpus.
Content licensed from Tegus (acquired by AlphaSense). Access controlled by entitlements.
data: Runs on AlphaSense curated content and customer-uploaded internal content. Uses LLMs (Anthropic, OpenAI, Google Gemini) via AWS Bedrock private endpoints.
Zero data retention with all LLM partners. No customer data used for LLM training. Outputs include sentence-level citations. Account-level AI opt-out available.
// What to watch
- ISO 42001 in-progress: AlphaSense states it is 'seeking' ISO/IEC 42001 AI management certification. If marketing materials imply it is already held, that would be an over-claim. Monitor for certification announcement.
- HIPAA ambiguity: A help center article states 'Audit Logs support compliance with SOC 2, ISO 27001, and HIPAA', but no HIPAA BAA is documented in the public DPA or security pages. This informal mention could mislead healthcare buyers who require a formal BAA. Grade held=false pending explicit BAA documentation.
- AI training claim scope: The privacy policy's AI training restriction is narrowly worded for 'Google Workspace APIs' only, while the security/GenAI security pages make a broader blanket claim. The dedicated GenAI security page backs the broader claim with contractual and technical controls, but the narrow privacy policy language creates a minor inconsistency reviewers should note.
- Trust center requires NDA for full reports: 'Reports and certifications are available through the AlphaSense Trust Center, subject to NDA where applicable.' SOC 2 Type 2 report is not publicly downloadable.
// At a glance
Pricing model
Enterprise subscription (annual). Free trial available via 'Get Started for Free'.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on AlphaSense, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.alpha-sense.com