// Trust & Security Report

    Telepath Data, Inc. (dba Seventh Sense) logo

    Telepath Data, Inc. (dba Seventh Sense)

    Seventh Sense - AI email engagement layer for HubSpot & Marketo (send-time optimization, orchestration, audience recycling, insights, AI recommendations)

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    SOC 2 Type II audited. Annual independent audit covering security, availability, confidentiality, and processing integrity. Report available under NDA on request.

    Verify on theseventhsense.com
    EU-U.S. / UK / Swiss-U.S. Data Privacy Framework (self-certification)
    HELD

    We comply with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF") as set forth by the U.S. Department of Commerce. To learn more about the Data Privacy Framework ("DPF") program, and to view our certification, please visit dataprivacyframework.gov.

    Verify on theseventhsense.com
    GDPR (compliance posture, not a certification)
    HELD

    GDPR and CCPA compliant, and operationally serious about the rest. ... GDPR Data Processing Addendum (DPA) - Our standard DPA - countersigned copies available on request.

    Verify on theseventhsense.com
    CCPA (compliance posture, not a certification)
    HELD

    SOC 2 Type II audited, GDPR and CCPA compliant

    Verify on theseventhsense.com
    > Show 2 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No ISO 27001 claim appears anywhere on the trust, security, privacy, or terms pages; only SOC 2 Type II is referenced.

    source: theseventhsense.com
    HIPAA
    NOT CONFIRMED

    Terms of Service explicitly prohibit sending health/sensitive data: "YOU AGREE NOT TO USE THE SUBSCRIPTION SERVICE TO COLLECT, MANAGE OR PROCESS SENSITIVE INFORMATION." Sensitive Information is defined to include "physical or mental health condition or information." No HIPAA/BAA is offered.

    source: theseventhsense.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    United States. Customer Personal Data is stored in the US (hosted on AWS); EU/UK/Swiss transfers safeguarded via EU Commission standard contractual clauses and Data Privacy Framework.

    The product itself trains a per-customer AI model on that customer's own engagement history (send-time optimization, recycling, etc.) - this is the core service. Critically, models are isolated per customer and Seventh Sense states it does NOT train shared cross-customer models on your data without explicit opt-in: "We do not sell, share, or train cross-customer models on your data without explicit opt-in. Each customer's AI is trained on their own program. Period." Note the BETA 'Recommendations' feature is described as drawing on '12 years of cross-customer email program insights' / 'billions of email events' - prospective enterprise buyers should confirm in the DPA whether their data feeds that cross-customer recommendation model and how the opt-in is governed.

    // Security controls

    Encryption in transit

    TLS 1.2+ for everything in transit

    theseventhsense.com

    Encryption at rest

    AES-256 for everything stored

    theseventhsense.com

    Penetration testing

    Third-party penetration tests run annually

    theseventhsense.com

    Bug bounty program

    None found. No HackerOne or Bugcrowd program for Seventh Sense / theseventhsense.com located via the trust pages or web search. Vulnerability handling is covered by 'continuous vulnerability scanning' plus annual third-party pentests rather than a public bounty.

    theseventhsense.com

    Access control

    Principle of least privilege: role-based access control with break-glass logging. No engineer routinely has access to customer data. All admin actions audited and reviewable.

    theseventhsense.com

    Hosting / infrastructure

    Hosted on AWS with hardened VPC architecture, automated patching, and continuous vulnerability scanning

    theseventhsense.com

    Monitoring & incident response

    24/7 production monitoring, anomaly detection, on-call rotation, documented incident response plan with customer notification SLAs

    theseventhsense.com

    Sub-processor transparency

    Public sub-processor list published; legal-update subscription notifies customers of changes to terms, DPA, sub-processor list, or privacy notice

    theseventhsense.com

    Information Security Overview

    Full technical and operational security summary published as a downloadable PDF; SOC 2 report and custom security review available on request

    theseventhsense.com

    // Products & data scope

    Seventh Sense for HubSpotMarketing automation / email AI add-on

    data: Connects to the customer's HubSpot portal and ingests historical and ongoing contact + engagement data to build per-person engagement profiles and drive native workflow steps (delivery time, recycling, throttling).

    5-minute install, 24-hour first insights. Engagement profiles surfaced inside HubSpot CRM. HubSpot Marketplace 5/5, 2x HubSpot Impact Award.

    Seventh Sense for MarketoMarketing automation / email AI add-on

    data: Integrates with Marketo programs; ingests engagement history to drive send-time optimization, orchestration, recycling natively inside Marketo flows.

    Same compliance scope as the HubSpot product; single shared Subscription Service backend.

    Recommendations (BETA / Coming soon)AI advisory

    data: Generates strategic recommendations described as derived from '12 years of cross-customer email program insights' and 'billions of email events.'

    Designated Beta in Terms (Section 3.5) - provided 'as-is', not a production 'Service'. Cross-customer learning claims warrant DPA clarification before relying on it with regulated data.

    Agency offeringReseller / multi-account

    data: 'For agencies' path lets agencies manage multiple client HubSpot/Marketo accounts; per-client data scope follows the same model.

    Listed in site navigation/footer.

    // What to watch

    • AI training nuance: per-customer models are isolated, but the BETA Recommendations feature advertises cross-customer learning - confirm scope in the DPA before enterprise use.
    • No public bug-bounty program (HackerOne/Bugcrowd); relies on annual third-party pentests + continuous scanning.
    • No ISO 27001 and no HIPAA/BAA; Terms explicitly forbid processing sensitive/health data via the platform.
    • US-only data residency; no EU regional hosting option advertised.
    • Legal entity is Telepath Data, Inc. dba Seventh Sense - billing/contracts are under Telepath Data, Inc.
    • Several primary security controls (pentest cadence, encryption, least privilege) are vendor self-attested on the trust page; SOC 2 report is the underlying evidence and is NDA-gated.

    // At a glance

    Pricing model

    Subscription SaaS billed by Maximum Contacts tier (not per-seat - 'unlimited users'); free trial available; credit card via Recurly or invoice (net 30).

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Telepath Data, Inc. (dba Seventh Sense)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    theseventhsense.com

    > Browse all vendor trust reports