// Trust & Security Report
Consensus (NLP, Inc.)
Consensus is an AI-powered academic search engine for peer-reviewed research papers. The core product allows users to search and analyze 220M+ peer-reviewed papers using natural language queries, with features including consensus metrics, deep search automation, medical mode filtering, and literature review generation.
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 5 unconfirmed / not-held certifications
source: help.consensus.appNo public evidence of SOC 2 certification on consensus.app domain. Help center security page and privacy policy do not reference SOC 2 compliance.
source: consensus.appNo public evidence of ISO 27001 certification on vendor domain.
source: consensus.appNo evidence of HIPAA Business Associate Agreement or HIPAA compliance on vendor domain. Tool not marketed or configured for PHI handling.
source: consensus.appVendor states willingness to document specific handling requirements in contracts to ensure compliance with GDPR-like regulatory needs, but does not claim formal GDPR compliance certification. States compliance with Data Privacy Framework and CCPA principles.
source: consensus.appNo evidence of PCI DSS certification; tool handles research data not payment card data.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
United States (headquarters and servers in US)
Vendor explicitly states: 'We never use user data to train systems, and we never share your data with third parties.' Customer search queries and content are never used to train Consensus AI models or any third-party AI models. Only anonymized query text is logged for product improvement.
// Security controls
Data Segregation (Enterprise)
Organizational data stored separately from main database, accessible only to authorized users
help.consensus.appPenetration Testing
Routine internal and third-party security assessments; annual third-party penetration tests mentioned in search results
help.consensus.appData Residency
US-based (headquarters Boston, MA; all servers located in United States)
consensus.appThird-Party Data Sharing
No sharing with business partners for marketing or commercial purposes unrelated to service operation. No sale of personal information to advertisers or data brokers.
consensus.app// Products & data scope
data: Peer-reviewed academic papers (220M+), user search queries (anonymized), user accounts
Core product accessed via web. Requires authentication. Data stored in US servers. No HIPAA or medical data handling claims. Suitable for academic research, clinical decision support (non-regulated), and business intelligence on scientific trends. Enterprise plans include SSO, role-based access control, separate data storage, and custom security documentation options.
// What to watch
- Identity-conflation risk: Multiple companies named 'Consensus' exist (GoConsensus B2B demo platform, Consensus academic search engine). Earlier search results mentioning SOC 2 Type II refer to GoConsensus (goconsensus.com), NOT consensus.app. Vendor domains are distinct: consensus.app vs goconsensus.com.
- Thin trust evidence: No dedicated trust center or formal security certifications found on consensus.app domain. Vendor does not claim SOC 2, ISO 27001, or HIPAA. Security documentation is basic and scattered across help center.
- DPA absence: No evidence of a formal Data Processing Agreement template or GDPR DPA availability, despite willingness to 'document specific requirements in contracts.'
- Early-stage certification gap: As a growth-stage company (Series C, ~50 employees), lack of formal certifications is typical but limits enterprise procurement options.
- Limited HIPAA scope: Academic search engine not designed for or marketed for HIPAA PHI handling; vendor is out of scope for healthcare use cases involving regulated data.
// At a glance
Pricing model
Freemium (limited free tier) + subscription tiers (Professional, Team, Enterprise); transparent pricing available on website
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Consensus (NLP, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
consensus.app