// Trust & Security Report
Athos Commerce (formerly Searchspring; legal entities: B7 Interactive LLC, Intelligent Reach Pty Ltd, Intelligent Reach Limited)
AI-powered eCommerce search, merchandising, personalization, and product discovery platform. Consolidated from Searchspring, Klevu, and Intelligent Reach brands.
Certifications held
0
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 6 unconfirmed / not-held certifications
source: athoscommerce.comNo public evidence of SOC 2 certification on vendor's website, privacy policy, or service terms. Not mentioned in any publicly available documentation.
source: athoscommerce.comNo public evidence of ISO 27001 certification on vendor's website, privacy policy, or service terms. Not mentioned in any publicly available documentation.
source: athoscommerce.comNo formal GDPR certification found. However, privacy policy demonstrates GDPR readiness: 'VeraSafe as EU/UK representative' and offers data subject rights (erasure, portability, restriction). Privacy policy states 'By providing your information to us, residents of Australia, Canada, and India consent to the transfer and storage of their data in the United States.' DPA availability inferred from privacy policy but not formally linked.
source: athoscommerce.comService explicitly not designed for HIPAA. Service Terms state: 'Services are not designed for the processing of sensitive or special categories of personal data or data that is subject to special regulatory schemes, such as protected health information under HIPAA.' Further: 'Athos Commerce does not intend use of the Service's search and merchandising functionality to create obligations under PCI DSS, HIPAA, or GLBA and makes no representations that the Service satisfies the requirements of such laws.'
source: athoscommerce.comService explicitly not designed for PCI DSS. Service Terms state: 'Athos Commerce does not intend use of the Service's search and merchandising functionality to create obligations under PCI DSS, HIPAA, or GLBA and makes no representations that the Service satisfies the requirements of such laws.' Customers expressly prohibited from storing 'Payment card numbers, financial accounts, or other payment card information.'
source: athoscommerce.comNo public evidence of AI governance certification. Platform marketed as 'AI-Powered' but no published certification or audit for AI-specific governance standards.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
United States (primary). Privacy policy: 'residents of Australia, Canada, and India consent to the transfer and storage of their data in the United States.'
Platform is marketed as 'AI-Powered' but no explicit public policy on whether customer product data, search data, or interaction logs are used to train vendor's AI models. Privacy policy states data processed 'on behalf of customers pursuant to their written instructions' (standard processor language) but AI training opt-outs or disclosures not detailed. Gap: vendors should clarify whether customer data contributes to model training.
// Security controls
Encryption in Transit
TLS or similar technologies for Service Data encryption during transmission
athoscommerce.comAdministrative, Physical, Technical Safeguards
Commercially reasonable administrative, physical and technical safeguards to protect Service Data security, confidentiality, and integrity. Specific measures not detailed in public documentation.
athoscommerce.comThird-Party Security Services
CloudFlare (CDN) and Wordfence (fraud prevention and security monitoring)
User Authentication
Unique login credentials required. Customer responsible for maintaining confidentiality of login information.
athoscommerce.comService Availability
Commercially reasonable efforts to maintain Services available 24x7x365, excluding scheduled maintenance or emergencies. No specific SLA uptime percentage published.
athoscommerce.comData Incident Liability
Athos Commerce not responsible for harm/damage from security incidents except for material breach by Athos Commerce. Liability capped at fees paid in prior 12 months.
athoscommerce.com// Products & data scope
data: Product data, inventory, pricing, sales history, customer browsing behavior (search queries, click patterns)
On-site search and merchandising SaaS. Not suitable for payment card data, health information, or other sensitive regulated data.
data: Product information, customer interaction logs, behavioral data
Unified under Athos Commerce parent company
data: Marketplace listing data, performance metrics, syndication feeds
Unified under Athos Commerce parent company
// What to watch
- Over-claim risk: Platform marketed as 'AI-Powered' but no published disclosure of whether customer product/search/interaction data is used to train vendor's models. Recommend vendors clarify data usage policy.
- No SOC 2 or ISO 27001 certifications despite positioning as enterprise platform serving global retailers. These are table-stake certifications for enterprise SaaS.
- Explicitly not suitable for HIPAA, PCI DSS, GLB Act-regulated data. Severely limits use cases in healthcare, fintech, or regulated retail.
- No public trust center or security documentation portal, unlike most enterprise SaaS vendors. Security details must be requested directly from vendor.
- DPA availability mentioned in privacy policy but not formally linked or described. Customers must explicitly request DPA execution.
- Privacy policy disclaimer: 'Use of the Services may not be uninterrupted, error-free, or completely secure.' Liability limitations cap damages at fees paid.
- Data residency: U.S.-only (no EU data centers; customers consent to U.S. transfer). May not satisfy data localization requirements in some markets.
// At a glance
Pricing model
SaaS subscription (monthly/annual billing; tiers by search volume or features)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Athos Commerce (formerly Searchspring; legal entities: B7 Interactive LLC, Intelligent Reach Pty Ltd, Intelligent Reach Limited)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
athoscommerce.com