// Trust & Security Report

    Dataminr, Inc. (ThreatConnect, Inc. was acquired by Dataminr for $290M; threatconnect.com now 301-redirects entirely to dataminr.com) logo

    Dataminr, Inc. (ThreatConnect, Inc. was acquired by Dataminr for $290M; threatconnect.com now 301-redirects entirely to dataminr.com)

    Threat & risk intelligence. ThreatConnect's former standalone products (Threat Intelligence Platform and Risk Quantifier) are now sold as part of 'Dataminr for Cyber Defense' (Predictive Threat Exposure Management, Continuous Control Monitoring & Risk Quantification), alongside Dataminr's other lines: Corporate Security, First Alert (public sector), and Dataminr for News.

    Certifications held

    6

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    SOC 2 Type 2 is an AICPA-sanctioned independent attestation that examines the design and operational effectiveness of a service organization's controls... These certifications are available to customers as a part of Dataminr's compliance portfolio, which includes SOC 2 Type 2, NIST 800-171, UK Cyber Essentials Plus and more.

    Verify on dataminr.com
    ISO 27001
    HELD

    ISO 27001: Leading international standard for establishing, implementing, and maintaining an Information Security Management System (ISMS)... Dataminr was issued the recently released new ISO 27701 certification, and a renewal for the aforementioned ISO 27001 certification, after a successful audit with Coalfire Certification.

    Verify on dataminr.com
    ISO 27701 (Privacy Information Management)
    HELD

    ISO 27701: Extension to ISO 27001 that provides requirements and guidance for establishing, implementing, and maintaining a Privacy Information Management System (PIMS)

    Verify on dataminr.com
    ISO/IEC 42001 (AI Management System)
    HELD

    ISO 42001: International standard that provides a framework for establishing, implementing, and maintaining an AI Management System (AIMS)

    Verify on dataminr.com
    NIST 800-171
    HELD

    NIST 800-171: U.S. federal standard that specifies security requirements for protecting Controlled Unclassified Information (CUI)

    Verify on dataminr.com
    UK Cyber Essentials Plus
    HELD

    Dataminr's compliance portfolio, which includes SOC 2 Type 2, NIST 800-171, UK Cyber Essentials Plus and more.

    Verify on dataminr.com
    > Show 5 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No public evidence. HIPAA is not mentioned on the Dataminr Trust Services page, the Dataminr privacy policy, or the legacy ThreatConnect privacy policy.

    source: dataminr.com
    PCI DSS
    NOT CONFIRMED

    No public evidence. Not listed in Dataminr's stated compliance portfolio (SOC 2 Type 2, ISO 27001, ISO 27701, ISO 42001, NIST 800-171, UK Cyber Essentials Plus).

    source: dataminr.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of a FedRAMP authorization. Dataminr states it serves U.S. government agencies and lists NIST 800-171 (CUI protection) but does not claim FedRAMP Authorized status anywhere on the trust page.

    source: dataminr.com
    CSA STAR
    NOT CONFIRMED

    No public evidence found on any vendor-domain page.

    source: dataminr.com
    ISO 27017 / ISO 27018 (Cloud Security / PII in Cloud)
    NOT CONFIRMED

    No public evidence. Not listed alongside the other ISO certifications on the trust page.

    source: dataminr.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Platform primarily hosted on AWS in Northern Virginia, US; Dataminr's privacy policy separately states personal data may be stored in Europe, the U.S., and Australia, with standard contractual clauses used for EU-to-US transfers.

    Dataminr's core product uses AI to analyze public/open-source data (news, social, sensor feeds), not customer-submitted content, for its core alerting product. Neither the Dataminr privacy policy nor the legacy ThreatConnect privacy policy explicitly states whether customer data (e.g., threat intel indicators submitted to the former ThreatConnect TIP, or CAL/Collective Analytics Layer data) is used to train AI/ML models, and no opt-out mechanism for AI training is documented. The legacy ThreatConnect privacy policy does describe a 'CAL Data' feature where anonymized/pseudonymized indicators of compromise are automatically ingested and shared across the CAL network in a form where re-identification is stated to be lost; this is data-sharing/enrichment, not confirmed model training. Treat as unresolved (null) pending direct vendor confirmation.

    // Security controls

    Encryption at rest

    AES-256

    dataminr.com

    Encryption in transit

    TLS 1.2 or higher

    dataminr.com

    Monitoring / SOC

    AI-enabled intrusion prevention and detection systems monitored by Dataminr's 24/7/365 Security Operations Center

    dataminr.com

    Penetration testing

    Application and network penetration testing conducted at least annually by qualified, independent security firms, with providers rotated for fresh coverage

    dataminr.com

    Hosting

    Platform hosted on AWS, primarily in Northern Virginia, United States

    dataminr.com

    // Products & data scope

    Dataminr for Cyber Defense (includes former ThreatConnect Threat Intelligence Platform and Risk Quantifier)Enterprise / Government threat intelligence and cyber risk quantification

    data: Ingests customer-tailored internal telemetry plus real-time public/open-source signal; former ThreatConnect TIP also ingests customer-submitted threat indicators (including via CAL, a shared analytics layer)

    This is the direct successor to the standalone 'ThreatConnect' product that AIFOXX's slug refers to. As of the Dataminr acquisition (deal value $290M), it is no longer sold or supported as an independent company/product; threatconnect.com fully redirects to dataminr.com.

    Dataminr for Corporate SecurityPhysical security / corporate risk monitoring

    data: Public data plus organization-specific facility/asset context

    Separate product line from the former ThreatConnect line; included here for context on the multi-product parent company.

    First AlertPublic sector real-time event detection

    data: Public data

    Used by government agencies; not the same trust/compliance context as the enterprise SaaS cyber defense line.

    Dataminr for NewsMedia / newsroom breaking-event detection

    data: Public data

    Distinct consumer/media-facing product line; lower relevance for enterprise security buyers.

    // What to watch

    • IDENTITY / M&A: 'ThreatConnect' is no longer an independent company. It was acquired by Dataminr, Inc. (deal reported at $290M); threatconnect.com now 301-redirects entirely to dataminr.com, and the original ThreatConnect blog posts announcing its own SOC 2 Type 2 and ISO 27001 certifications (as a standalone company, audited by Schellman & Company and DEKRA respectively) are no longer reachable on threatconnect.com. Current vendor-domain proof for certifications comes from Dataminr's company-wide trust page, not a ThreatConnect-specific page. AIFOXX should either relabel this listing as 'Dataminr (formerly ThreatConnect)' or clearly note the acquisition, since a user searching for 'ThreatConnect' as a standalone vendor will find a materially different company/entity today.
    • SCOPE AMBIGUITY: The Dataminr Trust Services page presents certifications (SOC 2, ISO 27001, ISO 27701, ISO 42001, NIST 800-171) as company-wide, without explicitly confirming they cover the legacy ThreatConnect Risk Quantifier/TIP product specifically (vs. Dataminr's core event-intelligence platform only). Treat as likely-but-unconfirmed coverage of the ThreatConnect product line.
    • AI training posture on customer/threat-indicator data (including the CAL shared-analytics feature inherited from ThreatConnect) is not explicitly addressed by either the Dataminr or legacy ThreatConnect privacy policies; marked null/unresolved rather than assumed either way.
    • No confirmed HIPAA, PCI DSS, FedRAMP, CSA STAR, or ISO 27017/27018 certification; these are enterprise/government-relevant frameworks a buyer may expect given Dataminr's stated U.S. government customer base, so their absence should be surfaced, not silently omitted.

    // At a glance

    Pricing model

    Enterprise contract / quote-based (no public self-serve pricing; 'Request a Demo' only)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Dataminr, Inc. (ThreatConnect, Inc. was acquired by Dataminr for $290M; threatconnect.com now 301-redirects entirely to dataminr.com)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    dataminr.com

    > Browse all vendor trust reports