// Trust & Security Report

    Consensus (NLP, Inc.) logo

    Consensus (NLP, Inc.)

    Consensus is an AI-powered academic search engine for peer-reviewed research papers. The core product allows users to search and analyze 220M+ peer-reviewed papers using natural language queries, with features including consensus metrics, deep search automation, medical mode filtering, and literature review generation.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 5 unconfirmed / not-held certifications
    SOC 2 Type 1/2
    NOT CONFIRMED

    No public evidence of SOC 2 certification on consensus.app domain. Help center security page and privacy policy do not reference SOC 2 compliance.

    source: help.consensus.app
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification on vendor domain.

    source: consensus.app
    HIPAA
    NOT CONFIRMED

    No evidence of HIPAA Business Associate Agreement or HIPAA compliance on vendor domain. Tool not marketed or configured for PHI handling.

    source: consensus.app
    GDPR
    NOT CONFIRMED

    Vendor states willingness to document specific handling requirements in contracts to ensure compliance with GDPR-like regulatory needs, but does not claim formal GDPR compliance certification. States compliance with Data Privacy Framework and CCPA principles.

    source: consensus.app
    PCI DSS
    NOT CONFIRMED

    No evidence of PCI DSS certification; tool handles research data not payment card data.

    source: consensus.app

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    United States (headquarters and servers in US)

    Vendor explicitly states: 'We never use user data to train systems, and we never share your data with third parties.' Customer search queries and content are never used to train Consensus AI models or any third-party AI models. Only anonymized query text is logged for product improvement.

    // Security controls

    Encryption in Transit

    Industry-standard encryption via SSL/TLS

    help.consensus.app

    Encryption at Rest

    Industry-standard encryption for stored data

    help.consensus.app

    Data Segregation (Enterprise)

    Organizational data stored separately from main database, accessible only to authorized users

    help.consensus.app

    Penetration Testing

    Routine internal and third-party security assessments; annual third-party penetration tests mentioned in search results

    help.consensus.app

    Data Residency

    US-based (headquarters Boston, MA; all servers located in United States)

    consensus.app

    Third-Party Data Sharing

    No sharing with business partners for marketing or commercial purposes unrelated to service operation. No sale of personal information to advertisers or data brokers.

    consensus.app

    // Products & data scope

    Consensus (Academic Search Engine)AI Research Tools / Literature Review

    data: Peer-reviewed academic papers (220M+), user search queries (anonymized), user accounts

    Core product accessed via web. Requires authentication. Data stored in US servers. No HIPAA or medical data handling claims. Suitable for academic research, clinical decision support (non-regulated), and business intelligence on scientific trends. Enterprise plans include SSO, role-based access control, separate data storage, and custom security documentation options.

    // What to watch

    • Identity-conflation risk: Multiple companies named 'Consensus' exist (GoConsensus B2B demo platform, Consensus academic search engine). Earlier search results mentioning SOC 2 Type II refer to GoConsensus (goconsensus.com), NOT consensus.app. Vendor domains are distinct: consensus.app vs goconsensus.com.
    • Thin trust evidence: No dedicated trust center or formal security certifications found on consensus.app domain. Vendor does not claim SOC 2, ISO 27001, or HIPAA. Security documentation is basic and scattered across help center.
    • DPA absence: No evidence of a formal Data Processing Agreement template or GDPR DPA availability, despite willingness to 'document specific requirements in contracts.'
    • Early-stage certification gap: As a growth-stage company (Series C, ~50 employees), lack of formal certifications is typical but limits enterprise procurement options.
    • Limited HIPAA scope: Academic search engine not designed for or marketed for HIPAA PHI handling; vendor is out of scope for healthcare use cases involving regulated data.

    // At a glance

    Pricing model

    Freemium (limited free tier) + subscription tiers (Professional, Team, Enterprise); transparent pricing available on website

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Consensus (NLP, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    consensus.app

    > Browse all vendor trust reports