// Trust & Security Report

    Kensho Technologies, LLC (S&P Global subsidiary) logo

    Kensho Technologies, LLC (S&P Global subsidiary)

    AI-powered data retrieval and natural language querying platform for financial and enterprise data. Core products: LLM-ready API, Kensho Scribe (transcription), Kensho NERD (entity recognition), Core AI Capabilities (ML/NLP). Primary use: structured financial data access via LLM integrations.

    Certifications held

    0

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 6 unconfirmed / not-held certifications
    SOC 2 Type 1
    NOT CONFIRMED

    No public evidence found on vendor domain

    SOC 2 Type 2
    NOT CONFIRMED

    No public evidence found on vendor domain

    ISO 27001
    NOT CONFIRMED

    No public evidence found on vendor domain

    GDPR Compliance
    NOT CONFIRMED

    No public evidence found on vendor domain. kensho.com legal pages redirect to S&P Global; the cited docs.kensho.com FAQ contains no GDPR, European Data Protection Laws, or Standard Contractual Clauses language. Parent company S&P Global publishes SCCs/DPA on spglobal.com, but no Kensho-domain GDPR statement was found.

    HIPAA
    NOT CONFIRMED

    No public evidence found on vendor domain

    PCI DSS
    NOT CONFIRMED

    No public evidence found on vendor domain

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    UK and EU residency capabilities available; data transfer via Standard Contractual Clauses (SCCs) where required

    Customer data is NOT used to train Kensho's general AI models. For proprietary data partnerships (e.g., Tegus transcription case study), Kensho uses disassociated processing with speaker embeddings stripped of identifying information before model training. API customers retain full data ownership; S&P Global does not see natural language queries, only API code.

    // Security controls

    Encryption in transit

    HTTPS with TLS 1.2 or later for all data in transit

    docs.kensho.com

    Encryption at rest

    No public specification found; general S&P Global safeguards mentioned

    kensho.com

    Authentication

    Public-Private keypair authentication (recommended for production) and personal token authentication available; tokens refreshed hourly

    docs.kensho.com

    Data access controls

    S&P Global does not receive or see natural language questions, only API code; clients own their data; no access to MNPI (material non-public information)

    docs.kensho.com

    Vulnerability reporting

    Dedicated security contact: security-reports@kensho.com

    kensho.com

    Security approach

    Build with safeguards from the start; pilot internally before scaling externally; continuous improvement via real-world feedback

    kensho.com

    // Products & data scope

    LLM-ready APIData Retrieval / Natural Language Interface

    data: S&P Global structured financial datasets; customer data NOT retained or used for training

    Allows querying S&P Global financial data via LLM integrations (Claude, ChatGPT, Gemini). Customers retain ownership of queries and data. No access to customer MNPI.

    Kensho ScribeTranscription / Audio Processing

    data: Customer audio transcription; anonymized data used for model improvement (speaker embeddings only)

    AI-powered business audio transcription with 99%+ accuracy. Uses disassociated processing for quality improvement without exposing identifying information.

    Kensho NERDEntity Recognition / Named Entity Linking

    data: Proprietary S&P Global data; customer data not used

    Named entity recognition and disambiguation for financial/business text. Helps identify sensitive information (MNPI, client names) for removal.

    Core AI CapabilitiesMachine Learning / NLP Infrastructure

    data: Proprietary S&P Global data for model training

    ML/NLP building blocks for structuring and enriching proprietary data. Not offered as a consumer service.

    // What to watch

    • No dedicated trust center on kensho.com; relies entirely on S&P Global's policies and documentation
    • No public SOC 2, ISO 27001, or HIPAA certifications found despite being an enterprise product. Third-party sources mention 'working toward SOC 2 Type 2' but no vendor-domain confirmation.
    • Privacy policy URL (kensho.com/privacy) returns 404; content served via S&P Global domain redirect. Terminology suggests corporate parent's policy, not Kensho-specific data handling.
    • Limited public security documentation; most details require contacting sales or reading API docs. No published security architecture or audit reports.
    • Encryption at rest not explicitly documented; only TLS 1.2+ for transit is confirmed.
    • AI training practices clarified in case study (Tegus) but not explicitly stated as general policy for all customer integrations.
    • Identity verified: Kensho Technologies, LLC is confirmed as S&P Global subsidiary with offices in Cambridge MA and NYC; legal entity matches.

    // At a glance

    Pricing model

    Enterprise SaaS; API-based usage; contact sales for pricing

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Kensho Technologies, LLC (S&P Global subsidiary)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    kensho.com

    > Browse all vendor trust reports