// Trust & Security Report
AL Advisors Management Inc.
Venture capital fund administration and investment management platform with modules for Venture Funds, SPVs, Scout Funds, Digital Subscriptions (investor management workflows), and Data Rooms
Certifications held
2
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust-portal.angellist.com“Service Organization Controls (Soc2) (Type II) Trust Services Principles. The full report is available to customers upon request.”
Verify on trust-portal.angellist.com“Protects the personal data and privacy of EU citizens for transactions that occur within EU member states.”
> Show 5 unconfirmed / not-held certifications
source: stack.angellist.comAngelList uses Google Cloud Platform, which is ISO 27001 certified, but AngelList itself does not hold ISO 27001 certification. No public evidence of AngelList's own ISO 27001 certification.
source: trust-portal.angellist.comNo public evidence of HIPAA compliance or coverage on AngelList's trust center or security pages.
source: trust-portal.angellist.comNo public evidence of PCI DSS certification on AngelList's trust center. AngelList uses payment processors (Plaid, Treasury Prime) but does not claim PCI DSS compliance itself.
source: trust-portal.angellist.comNo public evidence of CSA STAR certification on AngelList's trust center or security pages.
source: trust-portal.angellist.comNo public evidence of FedRamp compliance on AngelList's trust center or security pages.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
United States (Google Cloud Platform servers in Iowa and other US regions)
AngelList explicitly states: 'AngelList does not allow company data to be used for training on third-party systems.' This restriction applies to their Tie Out Assistant AI feature.
// Security controls
Encryption in transit
HTTPS and TLS encryption for data transmitted over the internet
stack.angellist.comEncryption at rest
Sensitive data encrypted at rest with encryption at multiple layers
stack.angellist.comMulti-factor authentication
Two-factor authentication required for fund transfers and sensitive operations; strong password + second authentication factor for system access
stack.angellist.comPenetration testing
Annual network and application penetration testing of production environment by third-party; critical and high-risk findings tracked to resolution
trust-portal.angellist.comVulnerability management
Formal Vulnerability Management and Patch Management Policy with defined processes for responding to identified vulnerabilities
trust-portal.angellist.comAccess controls
Granular user permission controls; strong password requirements; two-factor authentication for sensitive systems
stack.angellist.comAutomated security scanning
Automated security scanning of infrastructure and applications
stack.angellist.comIncident response
Formal Incident Response Planning documented and maintained
trust-portal.angellist.comChange management
Change Management and Development Controls documented with security requirements for secure software development and maintenance
trust-portal.angellist.comBusiness continuity
Business Continuity and Disaster Recovery planning with annual backup restoration testing
trust-portal.angellist.comData retention
Data Retention and Disposal Policy specifies retention based on compliance requirements and contractual obligations; customer data removed upon request
trust-portal.angellist.com// Products & data scope
data: Fund data, investor information, deal documents, cap tables, financial records
Full-service fund management including administration, investor management, document handling
data: Deal-specific investor and financial data
Enables raise of capital on deal-by-deal basis with access to AngelList Capital Network
data: Scout program management and deal pipeline data
Reduces operational burden for launching or scaling scout programs
data: LP subscription agreements and investor documentation
Replaces subscription paperwork with digital workflows
data: Confidential deal documents, fund documents, investor materials
Secure document storage and sharing for fund data. SOC2 compliant.
data: Investor account information, portfolio data, performance tracking
Self-service portal for investor access to fund information
// What to watch
- ISO 27001 confusion: Third-party security profiles (e.g., Nudge Security) may infer ISO 27001 compliance based on Google Cloud certification, but AngelList itself does not hold ISO 27001 certification. The security page states 'Google Cloud Platform is ISO 27001 certified' (referring to GCP, not AngelList).
- Over-claim risk in third-party sources: Nudge Security and similar profiles list HIPAA, PCI DSS, FedRamp, and CSA STAR as 'inferred' certifications for AngelList, but these are NOT documented on AngelList's own trust center. AngelList itself does not appear to claim these certifications publicly.
- Privacy policy URL variations: Multiple URLs point to privacy policy (venture.angellist.com/privacy and venture.angellist.com/v/legal/privacy), suggesting possible recent URL reorganization. Content delivery was minimal on direct fetch; recommend confirming via contact.
- GDPR compliance is stated as data protection commitment for EU citizens but no explicit mention of Data Processing Agreement (DPA) availability in public documentation.
- Regulatory scope: AngelList is a venture capital/fund administration platform, not a healthcare provider or financial processor, which explains the absence of HIPAA and PCI DSS certifications.
// At a glance
Pricing model
SaaS subscription with tiered plans based on fund size and feature needs; separate pricing for fund administration, investor management, digital subscriptions
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on AL Advisors Management Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust-portal.angellist.com