// Trust & Security Report
Wolfram|Alpha LLC (a Wolfram Research, Inc. company)
Wolfram|Alpha computational answer engine: free consumer web tool, Wolfram|Alpha Pro (paid step-by-step subscription), Wolfram|Alpha API / Commercial API (developer integration), Wolfram Notebook Assistant + LLM Kit (AI assistant layered on Wolfram Language, remote LLM calls), and Wolfram Enterprise Private Cloud Platform (enterprise deployment).
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 8 unconfirmed / not-held certifications
source: wolfram.comNo public evidence. No trust center, audit report, or SOC 2 mention found on wolfram.com, wolframalpha.com, or products.wolframalpha.com after checking the privacy policy, data retention addendum, general Terms of Use, API Terms of Use, and AI Access Terms of Service.
source: wolfram.comNo public evidence. No ISO 27001 certificate, badge, or reference found on any vendor-domain legal/security page checked.
source: wolfram.comNo public evidence of ISO 42001 certification despite Wolfram actively marketing AI features (Notebook Assistant, LLM Kit).
source: wolframalpha.comNo public evidence. The Wolfram|Alpha Terms of Use explicitly disclaim suitability for medical decision-making ('not suitable for critical purposes like medical, legal, or financial decisions'), and no HIPAA/BAA language appears on any vendor page checked.
source: wolfram.comNo public evidence found; Wolfram|Alpha Pro/commercial billing is processed but no PCI attestation is published on the vendor's own domain.
source: wolfram.comNo public evidence found on any vendor-domain page checked.
source: wolfram.comNo public evidence found; no FedRAMP marketplace listing or vendor-domain reference identified.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Vendor is US-based (Wolfram Alpha LLC, Champaign, Illinois); Wolfram Research Europe Limited also exists as a UK subsidiary. No specific data-residency guarantee or EU-hosting option is documented on the vendor's own pages.
Wolfram's AI Access Terms of Service state: 'Wolfram does not use customer Inputs or Outputs to train generalized AI models for the benefit of other customers without the customer's consent.' The Notebook Assistant + LLM Kit page separately states 'User data is not shared outside Wolfram' and that Wolfram 'will not use any of your material for marketing purposes or sell it to third parties.' No self-serve opt-out toggle is documented; consent appears to be the default gate rather than an explicit opt-out control. Some LLM processing happens on Wolfram-controlled remote servers even though part of the Notebook Assistant workflow runs locally.
// Security controls
Encryption in transit
Not documented. The privacy policy only states generic 'appropriate measures... to safeguard PI' without naming TLS/encryption standards.
wolfram.comData retention
Job input/output for compute services is 'temporarily processed' and 'purged upon completion.' The general Data Retention Policy Addendum uses indefinite language: personal data is retained 'for as long as needed, as allowed or as required by law,' with no fixed timeframe stated.
wolfram.comGDPR posture
Self-declared only: 'We collect and hold personal data... in a manner consistent with the lawful bases as outlined in... GDPR.' No specific lawful bases, SCCs, or international-transfer mechanism are enumerated. A dedicated contact (gdpr@wolfram.com) is provided.
wolfram.comVulnerability reporting
Wolfram|Alpha's Terms of Use ask users to report security issues through feedback channels rather than publishing a formal bug-bounty or coordinated-disclosure program.
wolframalpha.comData sale / disclosure
'We will not attempt to associate individual Wolfram|Alpha inputs with individual human users, and will not release individual or aggregated lists of inputs... to any third party, except in response to lawful court orders.'
wolframalpha.com// Products & data scope
data: Anonymous query text only; no account/personal data required for basic use.
No personal information collected from free-tier users beyond the query itself, per the vendor's privacy statements.
data: Adds account, billing, and uploaded-file data (e.g., image/data uploads for step-by-step solutions).
Same privacy policy applies; no additional compliance documentation surfaced for the paid tier.
data: Application ID-scoped queries; licensee responsible for Application ID security per API Terms of Use.
Commercial License Agreement available by supplemental written agreement for expanded quotas; no public DPA template found.
data: Notebook content and prompts; partly processed locally, partly sent to Wolfram-controlled remote LLM servers.
On by default in Version 15; users can choose not to use it. No customer data used to train generalized AI models without consent, per vendor's AI Access Terms of Service.
data: Organization-hosted deployment of Wolfram technology; scope beyond public terms not verifiable without vendor contact.
Existence confirmed via vendor's own Terms and Conditions of Use page; no public compliance/security documentation located for this tier.
// What to watch
- No public trust center, SOC 2, ISO 27001, or any other third-party security certification found anywhere on wolfram.com or wolframalpha.com after checking the privacy policy, data retention addendum, general Terms of Use, API Terms of Use, and AI Access Terms of Service.
- Wolfram Research is a large, decades-old private company with an Enterprise Private Cloud offering, yet its public security disclosure reads like an early-stage vendor's (privacy policy + terms only, no audit evidence) -- enterprise buyers should request compliance documentation directly rather than assume parity with its company size.
- GDPR posture is self-declared ('consistent with GDPR lawful bases') with no enumerated lawful basis, no published DPA, and no mention of Standard Contractual Clauses for international transfers -- treat as an unverified compliance claim, not a certification.
- AI-training no-training-without-consent claim is stated in the AI Access Terms of Service and the Notebook Assistant page, but no self-serve opt-out control is documented, so the practical mechanics of 'consent' are unclear.
- Terms of Use explicitly disclaim suitability for medical/legal/financial decisions, which is directly relevant to any HIPAA-adjacent use case and should be surfaced to users considering it for sensitive workflows.
// At a glance
Pricing model
Freemium: free web tool, paid Wolfram|Alpha Pro subscription, metered/commercial API licensing, and custom enterprise agreements (Enterprise Private Cloud Platform).
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Wolfram|Alpha LLC (a Wolfram Research, Inc. company)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
wolfram.com