AlphaSense classifies data in terms of legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Individual organizations, departments, and divisions are responsible for identifying the specific requirements associated with their data, and are accountable for ensuring that their information assets are maintained in accordance with any appropriate legal or business requirements. For more information, visit our Trust Center.
Table of Contents
Data Center and Admin Access
AlphaSense partners with Amazon Web Services (AWS), a world-class, secure data center provider, and utilizes its state-of-the art electronic surveillance and multi-factor access control systems
Access to servers hosted by AWS is protected by multi-factor authentication (MFA) protocols, and user access control is managed by Identity Access Management tools, via secure communication sessions over SSL/TLS
User Authentication and Data Transmission Security
All end user communication to AlphaSense servers is via HTTPS secure web protocol and behind a user authenticated login process
All user requests are authenticated using one-way encryption against a highly secure database, and by named servers with specific access keys
The connections to the AlphaSense site are encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher).
User data is stored with scrambled names mapped to user specified names through a second secure mapping layer. This ensures that in the unlikely event of an intrusion, an intruder will be unable to ascertain file names or view any content
User data is automatically encrypted using Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard, using 256-bit encryption keys Database drives, the search engine, and system drives that store user data are directly encrypted
Data in Transit
* SSL encryption is used to secure the transport of sensitive data across the following environments:
SSL encryption on TCP
Web-based content and applications using port TCP 443 (HTTPS)
Secure SES for alerts and incoming emails
Network Security
AlphaSense servers are hosted behind a firewall with ingress and egress ports turned off, and limited to a single HTTPS access on the server catering to user requests.
Subsystems are further isolated to Virtual Private Clouds without Internet access, which limits access to only specific named servers within the firewall, and via highly secure, one-way encryption keys
Physical Security
We use AWS to host our infrastructure. Physical access to data centers is restricted as per AWS physical security protocolsThe measures are mentioned here : https://aws.amazon.com/compliance/data-center/controls/
Local access to AlphaSense offices is via keycard access and biometric security access which is provided to the employees, CCTV cameras across perimeter, building, office space, and Security guards continuously monitor all cameras.
Single Sign-On (SSO)
AlphaSense supports SAML 2.0 and uses OAuth2 standard authorization.
User authentication data is stored in the application's internal database. We don't support authentication against customer's LDAP or Active Directory.
Data Retention Policies
AlphaSense only retains information for as long as the company has a legitimate, continued need for it or in accordance with applicable legal or regulatory requirements. Once data is no longer required, it is to be either disposed of or archived. While disposal is the preferred outcome for data that is no longer required, archival is an option for business units who believe there may be some uncertainty regarding future requirements for aged data. Data owners are responsible for determining the appropriate retention period(s) for their data and working with IT to ensure that it is aged in accordance with any appropriate regulations or other requirements.
Unless notified of special retention requirements for information by the data owner, AlphaSense IT will apply default retention periods and disposal requirements on all company data, based on its classification.
Data owners of Confidential and Private data are required to specify the data retention period, determined through consultation with the legal department. Business units should carefully consider the costs and legal risks associated with data retention vs. archival or data destruction when establishing retention standards for their data.
FINRA/SEC RULE 17A-4(F) AlphaSense complies with write once read many (WORM) retention requirements, like SEC 17A-4
Confidential Data
There is no default retention period for confidential information. Data must be encrypted where possible, using approved cryptographic algorithms and key strength.
Private Data
Unless otherwise specified below by the data owner, all data classified as AlphaSense Private Data is retained for five (5) years by default. Archival to electronic media is an available option for this class of data and archival records can be retained by the data owner as long as deemed necessary and appropriate.
Internal Data
The default retention period for AlphaSense Internal data is three (3) years, at which time it is subject to disposal. If archival is required or desired, data owners must submit a request to IT prior to the scheduled destruction date, and must be approved by the requestor’s supervisor. Electronic media and paper records containing AlphaSense Internal data must be disposed of using approved, secure methods.
Public Data
Public data is retained seven (7) years by default, though its public availability should be reviewed at least annually. Upon reaching the end of its retention period, all AlphaSense Public data is to be archived prior to destruction. No special disposal methods are required for Public data.
Personally Identifiable Information
Personally identifiable information will be disposed of when legal conditions for retaining it terminates. Users will be given one month to respond with any special requirements for archiving or to request exceptions from AlphaSense data retention policies, after which time IT will dispose of the data in accordance with this policy.
Legal Requirements
Under certain circumstances, AlphaSense may become subject to legal requirements requiring retention of data associated with legal holds, lawsuits, or other matters as stipulated by AlphaSense’s Legal department. Such records and information are exempt from any other requirements specified within this Data Management Policy and are to be retained in accordance with requirements identified by the Legal department.
Threat and Vulnerability / Intrusion Detection
The entire site is constantly monitored and any access in or out is logged for access anomaly detection.
The site is regularly tested for penetration and vulnerability by trained security specialists.
We perform annual external penetration testing using an accredited vendor. Available on request under signed NDA or similar obligations of non-disclosure.
Web service uptime at the server level is continuously monitored for any unexpected downtime incidents or high usage that could portend denial of service attacks.
All VPC flow logs are enabled with AWS config rules. They get sent to AWSGuardDuty to detect any malicious activity and is reviewed regularly. No Customer data is stored in these logs as they are infrastructure level logs.
AlphaSense Enterprise Security
We use Carbon Black solution with EDR capability. Signatures are updated regularly as they are released by the vendor. Emails are being scanned with our email protection system. Antivirus scans all on-access files and have capability to run scans on web applications as well.
We use Avanan email protection system as our secure email gateway for all inbound/outbound emails to prevent our employees from phishing attacks and spam.
Audit Controls / User Activity Reporting
AlphaSense maintains Logs of all User Activity and can provide utilization reports upon client request.
Client Security Teams can limit AlphaSense functionality and broad access controls at a user by user level.
Content Integration Overview by Channel Type
Manual/One Time Uploads
Email In
Whitelisting Email Address [email protected] and [email protected]
For auto-forwarding considerations -- lift restrictions on auto-forwarding (?)
Outlook Considerations
Server must allow users to create auto-forwarding rules in order to push content from Outlook into AlphaSense
Gmail Considerations
Gmail Auto-Forwarding rules require a Confirmation Code be sent to the receiver of the auto-forward which would be [email protected] or [email protected]
This Confirmation Code will be returned to the client for activation of the auto-forward rule
How we are processing documents:
Capacity limitations | Message body size limit set to 8 Mb. Google Mail sets body + attachments size summary limit to 25 Mb. AlphaSense processing and UI sets indexable and downloadable count limits to 10 attachments + the main email body. |
Manual File Uploads
Are there any known constraints & firewall/permissioning we encounter for manual uploads? - As long as SFTP opens on the client's firewall, upload should work.
Capacity Limitations
250 Documents, with each document having a maximum limit of 100MB, for each upload
Specific File Type Supported - txt, html, htm, pdf, doc, docx, ppt, pptx, xls, xlsx, msg, eml, csv, xlsb, xlsm, one, tsv, ods
Uploads feature provides the ability to upload files with an ability to add Tags and tickers while ingesting the documents
Web Clipper
This plug-in is compatible with Chrome Browsers (and Safari for Mobile Devices)
Plug-in can be downloaded here and is subject to default IT permissions to download and install from Chrome Web Applications Store
Select web pages also are password protected and/or have web crawling limitations that prevent actual extraction of webpage content.
SSO users of Web Clipper will be logged in at AlphaSense UI upon download/install, then credentials are automatically recognized
Automatic/Continuous Sync
FileSync
Recommended Virtual Machine Requirements:
OS- Windows 7+
Min- 1 Core Recommended- 2 Cores
Min- 1GB RAM Recommended- 2GB or more
Memory- 10GB+ Recommended- 15GB+ for system
To install FileSync in the virtual machine, they can download MSI here:
Requirements in Accessing Folders in Local Desktop & Network Drives
We can enable are able to sync Local & Network Drive Syncs, with specific requirements
Network Drives have to be mapped to LOCAL that provides labeling. This enables FileSync App to recognize changes in the folders directly & create a background sync connection.
NOTE: The Virtual Machine User should have READ & WRITE permission to the respective folders being synced into AlphaSense.
FileSync Default Settings
Ensure we have the following ENABLED
“Enable system tray notifications” -- informs new updates on synced folders
“Auto start AlphaSense File Sync after login” -- allows AlphaSense to have live connection upon account log-in
“Auto create team tags from folder name” -- replicates the Folder Name in Team Tag structure within AS UI
Default Download & Upload Speed both at “0”
NOTE: FileSync is an External MSI Applications, which gets restarted on Machine re-Start (it is not an Applications Service controlled under Windows Services)
Proxy Settings
If user leverages a proxy server, there are a few configurations recommendations
If proxy servers are in place, you can check the following URLs to verify successful connection to AlphaSense endpoints
If connection to these endpoints are unsuccessful, user will unlikely be able to connect and authenticate FileSync and would receive the following error message: ‘Network Error:\n Connection refused’
Else, if failure persists, the IT team should check CONNECTIONS setting on the local machine.
Firewall Settings
Ensure that https://research.alpha-sense.com and https://usercontent-research.alpha-sense.services are again whitelisted with the following port numbers -- 80 and 443 (TCP, UDP).
Evernote
Types of Evernote Account Supported -- Business & Personal
Users may be required to unblock/permission pop ups
AlphaSense leverages Evernote’s OAuth Windows. Please ensure to authorize account connection
OneNote or SharePoint
AlphaSense leverages the Microsoft Graph API to credential users who are syncing these sources. A user can utilize their Microsoft credentials to create a connection for their OneNote or SharePoint account and AlphaSense.
Depending on a user’s firm policy, this connection may either be unrestricted and immediately allow users to see their OneNote Notebooks or SharePoint Folders. They can proceed to sync these items and once sync is completed any additions, deletions or edits to notes or files added to these Notebooks or Folders at source will then be reflected back into AlphaSense.
In most cases, companies restrict user access and users might see similar messages as below. At this point, AlphaSense is passing a request to the user's IT administrators to enable this connection.
IT Administrators can go to Microsoft Azure Portal and review items under Activity → Admin consent requests. AlphaSense OneNote or AlphaSense SharePoint should appear on the list and will be subject to IT Admin’s permissioning.
Per Azure:
Select an application to review who requested access. After selecting an application, you will be able to approve, block, or deny the admin consent requests for the selected application.
Approving the application requires you to review the application’s permissions and grant admin consent. Granting admin consent to the application will add it to your directory and all users will be able to access it unless you restrict access to the application.
Blocking the application means that it will be added to your directory with a disabled status. Users won't be able to use it or access it.
Denying the admin consent request will not block or add the application to your directory. The request will be ignored, but may return if another user requests access.
IT Administrators may choose two different paths to permissioning under Manage → User Settings
Option 1 will enable users to consent app connections (such as AlphaSense) to their OneNote or SharePoint account without an IT administrator.
Option 2 will send an IT administrator a request and the user will receive a message requiring Admin Approval each time a new app is being registered.
Box
Integrate documents from your Box account into AlphaSense, easily expanding your access to valuable internal content on the AlphaSense platform, creating a more seamless workflow experience.
By syncing your Box content to AlphaSense, you'll not only save time not needing to check multiple, disparate systems but also increase your confidence by searching all your content sets in one platform.
To sync your account:
Select Integrations on the left-hand sidebar of the platform
Select Box
Click Connect Box to be redirected to an authorization window where you may sign in.
Once authorized, you will be able to select the folders you want to automatically sync to AlphaSense
Considerations
Depending on your organization's settings, you might need to get in contact with your Box administrator
Both new and existing folders will default to being auto-synced
Updates to previously uploaded, editable files (ex: Word, Excel, etc) will not overwrite highlights/annotations made in AlphaSense.
Google Drive
The integration allows organizations and users to connect their Google Drive accounts and ingest both personal and shared data while maintaining strict security and access controls.
AlphaSense conducted a CASA (Cloud App Security Assessment) Tier 2 Evaluation for our Google Drive integration to assess its security posture and compliance with industry standards.
This assessment along with PenTest helps validate the integration’s adherence to best practices in data protection, encryption, and access management.
The application was approved post the CASA evaluation.
The application was approved post the CASA evaluation.
Data Security & Access Controls
OAuth 2.0 authentication ensures secure access to Google Drive data.
Mapping of permissions architecture is implemented to restrict permissions based on user roles and prevent unauthorized access
Encryption is enforced for data in transit and at rest.
Logging and monitoring mechanisms track access and modifications.
AlphaSense securely stores only user-selected Google Drive files for enhanced discoverability. Importantly, no Google Workspace APIs are used to develop, improve, or train generalized AI and/or ML models on any customer data or inputs. Customers retain full control over their data, with the ability to purge it as needed.
Bulk / Programmatic Uploads
SFTP
What is it?
The SFTP solution is crafted to facilitate swift uploads of substantial data volumes within the AlphaSense platform. It streamlines the process of importing content from shared network drives, ensuring seamless transfers without interruptions or the need for manual interventions. Additionally, it empowers users to sync multiple folders from a Windows machine directly into the AlphaSense platform.
For more details around the Installation guide, please refer the below document: https://download.alpha-sense.services/sftp-sync/SFTP%20Sync%20Installation%20Guide.pdf
Who is it suited for?
The SFTP solution is ideal for customers aiming to transfer significant volumes of their internal content without the necessity to restore metadata linked to individual documents. Not requiring a dedicated technical team for setup, this solution also offers the advantage of enabling users to effortlessly utilize Auto-synchronization features for folders.
Features Capabilities:
Support Bulk Uploads
Auto Synchronization of Folders
Folder based Auto tagging
Limitations:
No Custom tags
No Custom Sharing
No custom Company tickers
Incapable to delete whole folder
Ingestion API
What is it?
The Ingestion API presents a streamlined solution utilizing API, facilitating the seamless upload of internal content in Bulk from the customers. This includes essential metadata linked to pertinent documents. Additionally, it empowers users by enabling attachment uploads and customized document sharing options.
Following the ingestion of internal content, the platform allows convenient access via search functionalities. Users can efficiently navigate and locate content by applying diverse filters and keyword searches within the AS platform.
For more details, visit: https://developer.alpha-sense.com/api/ingestion/
Who is it suited for?
The Ingestion API is targeted towards customers seeking to migrate their internal content into AS, while preserving metadata and gaining enhanced control over document entitlements. Integration with the customer's internal content repository is imperative for leveraging the API's capabilities, necessitating a dedicated technical team from the customer's end to effectively utilize the Ingestion API features.
Requesting an API Key
To enhance the security and management of our services, we currently handle API key distribution through a manual request process. If you require an API key for either SaaS or Private Cloud application, please follow the steps below:
Submit Your Request: Reach out to us via our designated contact channel (e.g., email, contact form). Please provide the following details:
Organization Name: The name of your organization or company.
Valid Email Address: An email address where we can send the API key and further instructions.
Review Process: Our team will review your request to ensure compliance with our usage policies and terms of service.
Key Issuance: Once approved, we will issue your API key and send it to the provided email address along with any necessary instructions and documentation.