// Trust & Security Report
Dataminr, Inc. (ThreatConnect, Inc. was acquired by Dataminr for $290M; threatconnect.com now 301-redirects entirely to dataminr.com)
Threat & risk intelligence. ThreatConnect's former standalone products (Threat Intelligence Platform and Risk Quantifier) are now sold as part of 'Dataminr for Cyber Defense' (Predictive Threat Exposure Management, Continuous Control Monitoring & Risk Quantification), alongside Dataminr's other lines: Corporate Security, First Alert (public sector), and Dataminr for News.
Certifications held
6
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on dataminr.com“SOC 2 Type 2 is an AICPA-sanctioned independent attestation that examines the design and operational effectiveness of a service organization's controls... These certifications are available to customers as a part of Dataminr's compliance portfolio, which includes SOC 2 Type 2, NIST 800-171, UK Cyber Essentials Plus and more.”
Verify on dataminr.com“ISO 27001: Leading international standard for establishing, implementing, and maintaining an Information Security Management System (ISMS)... Dataminr was issued the recently released new ISO 27701 certification, and a renewal for the aforementioned ISO 27001 certification, after a successful audit with Coalfire Certification.”
Verify on dataminr.com“ISO 27701: Extension to ISO 27001 that provides requirements and guidance for establishing, implementing, and maintaining a Privacy Information Management System (PIMS)”
Verify on dataminr.com“ISO 42001: International standard that provides a framework for establishing, implementing, and maintaining an AI Management System (AIMS)”
Verify on dataminr.com“NIST 800-171: U.S. federal standard that specifies security requirements for protecting Controlled Unclassified Information (CUI)”
Verify on dataminr.com“Dataminr's compliance portfolio, which includes SOC 2 Type 2, NIST 800-171, UK Cyber Essentials Plus and more.”
> Show 5 unconfirmed / not-held certifications
source: dataminr.comNo public evidence. HIPAA is not mentioned on the Dataminr Trust Services page, the Dataminr privacy policy, or the legacy ThreatConnect privacy policy.
source: dataminr.comNo public evidence. Not listed in Dataminr's stated compliance portfolio (SOC 2 Type 2, ISO 27001, ISO 27701, ISO 42001, NIST 800-171, UK Cyber Essentials Plus).
source: dataminr.comNo public evidence of a FedRAMP authorization. Dataminr states it serves U.S. government agencies and lists NIST 800-171 (CUI protection) but does not claim FedRAMP Authorized status anywhere on the trust page.
source: dataminr.comNo public evidence. Not listed alongside the other ISO certifications on the trust page.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
Platform primarily hosted on AWS in Northern Virginia, US; Dataminr's privacy policy separately states personal data may be stored in Europe, the U.S., and Australia, with standard contractual clauses used for EU-to-US transfers.
Dataminr's core product uses AI to analyze public/open-source data (news, social, sensor feeds), not customer-submitted content, for its core alerting product. Neither the Dataminr privacy policy nor the legacy ThreatConnect privacy policy explicitly states whether customer data (e.g., threat intel indicators submitted to the former ThreatConnect TIP, or CAL/Collective Analytics Layer data) is used to train AI/ML models, and no opt-out mechanism for AI training is documented. The legacy ThreatConnect privacy policy does describe a 'CAL Data' feature where anonymized/pseudonymized indicators of compromise are automatically ingested and shared across the CAL network in a form where re-identification is stated to be lost; this is data-sharing/enrichment, not confirmed model training. Treat as unresolved (null) pending direct vendor confirmation.
// Security controls
Monitoring / SOC
AI-enabled intrusion prevention and detection systems monitored by Dataminr's 24/7/365 Security Operations Center
dataminr.comPenetration testing
Application and network penetration testing conducted at least annually by qualified, independent security firms, with providers rotated for fresh coverage
dataminr.com// Products & data scope
data: Ingests customer-tailored internal telemetry plus real-time public/open-source signal; former ThreatConnect TIP also ingests customer-submitted threat indicators (including via CAL, a shared analytics layer)
This is the direct successor to the standalone 'ThreatConnect' product that AIFOXX's slug refers to. As of the Dataminr acquisition (deal value $290M), it is no longer sold or supported as an independent company/product; threatconnect.com fully redirects to dataminr.com.
data: Public data plus organization-specific facility/asset context
Separate product line from the former ThreatConnect line; included here for context on the multi-product parent company.
data: Public data
Used by government agencies; not the same trust/compliance context as the enterprise SaaS cyber defense line.
data: Public data
Distinct consumer/media-facing product line; lower relevance for enterprise security buyers.
// What to watch
- IDENTITY / M&A: 'ThreatConnect' is no longer an independent company. It was acquired by Dataminr, Inc. (deal reported at $290M); threatconnect.com now 301-redirects entirely to dataminr.com, and the original ThreatConnect blog posts announcing its own SOC 2 Type 2 and ISO 27001 certifications (as a standalone company, audited by Schellman & Company and DEKRA respectively) are no longer reachable on threatconnect.com. Current vendor-domain proof for certifications comes from Dataminr's company-wide trust page, not a ThreatConnect-specific page. AIFOXX should either relabel this listing as 'Dataminr (formerly ThreatConnect)' or clearly note the acquisition, since a user searching for 'ThreatConnect' as a standalone vendor will find a materially different company/entity today.
- SCOPE AMBIGUITY: The Dataminr Trust Services page presents certifications (SOC 2, ISO 27001, ISO 27701, ISO 42001, NIST 800-171) as company-wide, without explicitly confirming they cover the legacy ThreatConnect Risk Quantifier/TIP product specifically (vs. Dataminr's core event-intelligence platform only). Treat as likely-but-unconfirmed coverage of the ThreatConnect product line.
- AI training posture on customer/threat-indicator data (including the CAL shared-analytics feature inherited from ThreatConnect) is not explicitly addressed by either the Dataminr or legacy ThreatConnect privacy policies; marked null/unresolved rather than assumed either way.
- No confirmed HIPAA, PCI DSS, FedRAMP, CSA STAR, or ISO 27017/27018 certification; these are enterprise/government-relevant frameworks a buyer may expect given Dataminr's stated U.S. government customer base, so their absence should be surfaced, not silently omitted.
// At a glance
Pricing model
Enterprise contract / quote-based (no public self-serve pricing; 'Request a Demo' only)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Dataminr, Inc. (ThreatConnect, Inc. was acquired by Dataminr for $290M; threatconnect.com now 301-redirects entirely to dataminr.com)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
dataminr.com