AlphaSense classifies data in terms of legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Individual organizations, departments, and divisions are responsible for identifying the specific requirements associated with their data, and are accountable for ensuring that their information assets are maintained in accordance with any appropriate legal or business requirements. For more information, visit our Trust Center.

Table of Contents

Data Centers & Admin Access

User Authentication and Data Transmission Security

Network Security

Single Sign-On (SSO)

Data Security and Retention Policies

Threat and Vulnerability / Intrusion Detection

Audit Controls / User Activity Reporting

Content Integration Overview by Channel Type

AlphaSense partners with Amazon Web Services (AWS), a world-class, secure data center provider, and utilizes its state-of-the art electronic surveillance and multi-factor access control systems

Access to servers hosted by AWS is protected by multi-factor authentication (MFA) protocols, and user access control is managed by Identity Access Management tools, via secure communication sessions over SSL/TLS

All end user communication to AlphaSense servers is via HTTPS secure web protocol and behind a user authenticated login process

All user requests are authenticated using one-way encryption against a highly secure database, and by named servers with specific access keys

The connections to the AlphaSense site are encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher).

User data is stored with scrambled names mapped to user specified names through a second secure mapping layer. This ensures that in the unlikely event of an intrusion, an intruder will be unable to ascertain file names or view any content

User data is automatically encrypted using Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard, using 256-bit encryption keys Database drives, the search engine, and system drives that store user data are directly encrypted

Data in Transit

* SSL encryption is used to secure the transport of sensitive data across the following environments:

AlphaSense servers are hosted behind a firewall with ingress and egress ports turned off, and limited to a single HTTPS access on the server catering to user requests.

Subsystems are further isolated to Virtual Private Clouds without Internet access, which limits access to only specific named servers within the firewall, and via highly secure, one-way encryption keys

Physical Security

We use AWS to host our infrastructure. Physical access to data centers is restricted as per AWS physical security protocolsThe measures are mentioned here : https://aws.amazon.com/compliance/data-center/controls/

Local access to AlphaSense offices is via keycard access and biometric security access which is provided to the employees, CCTV cameras across perimeter, building, office space, and Security guards continuously monitor all cameras.

AlphaSense supports SAML 2.0 and uses OAuth2 standard authorization.

User authentication data is stored in the application's internal database. We don't support authentication against customer's LDAP or Active Directory.

AlphaSense only retains information for as long as the company has a legitimate, continued need for it or in accordance with applicable legal or regulatory requirements. Once data is no longer required, it is to be either disposed of or archived. While disposal is the preferred outcome for data that is no longer required, archival is an option for business units who believe there may be some uncertainty regarding future requirements for aged data. Data owners are responsible for determining the appropriate retention period(s) for their data and working with IT to ensure that it is aged in accordance with any appropriate regulations or other requirements.

Unless notified of special retention requirements for information by the data owner, AlphaSense IT will apply default retention periods and disposal requirements on all company data, based on its classification.

Data owners of Confidential and Private data are required to specify the data retention period, determined through consultation with the legal department. Business units should carefully consider the costs and legal risks associated with data retention vs. archival or data destruction when establishing retention standards for their data.

FINRA/SEC RULE 17A-4(F) AlphaSense complies with write once read many (WORM) retention requirements, like SEC 17A-4

Confidential Data

There is no default retention period for confidential information. Data must be encrypted where possible, using approved cryptographic algorithms and key strength.

Private Data

Unless otherwise specified below by the data owner, all data classified as AlphaSense Private Data is retained for five (5) years by default. Archival to electronic media is an available option for this class of data and archival records can be retained by the data owner as long as deemed necessary and appropriate.

Internal Data

The default retention period for AlphaSense Internal data is three (3) years, at which time it is subject to disposal. If archival is required or desired, data owners must submit a request to IT prior to the scheduled destruction date, and must be approved by the requestor’s supervisor. Electronic media and paper records containing AlphaSense Internal data must be disposed of using approved, secure methods.

Public Data

Public data is retained seven (7) years by default, though its public availability should be reviewed at least annually. Upon reaching the end of its retention period, all AlphaSense Public data is to be archived prior to destruction. No special disposal methods are required for Public data.

Personally Identifiable Information

Personally identifiable information will be disposed of when legal conditions for retaining it terminates. Users will be given one month to respond with any special requirements for archiving or to request exceptions from AlphaSense data retention policies, after which time IT will dispose of the data in accordance with this policy.

Legal Requirements

Under certain circumstances, AlphaSense may become subject to legal requirements requiring retention of data associated with legal holds, lawsuits, or other matters as stipulated by AlphaSense’s Legal department. Such records and information are exempt from any other requirements specified within this Data Management Policy and are to be retained in accordance with requirements identified by the Legal department.

The entire site is constantly monitored and any access in or out is logged for access anomaly detection.

The site is regularly tested for penetration and vulnerability by trained security specialists.

We perform annual external penetration testing using an accredited vendor. Available on request under signed NDA or similar obligations of non-disclosure.

Web service uptime at the server level is continuously monitored for any unexpected downtime incidents or high usage that could portend denial of service attacks.

All VPC flow logs are enabled with AWS config rules. They get sent to AWSGuardDuty to detect any malicious activity and is reviewed regularly. No Customer data is stored in these logs as they are infrastructure level logs.

AlphaSense Enterprise Security

We use Carbon Black solution with EDR capability. Signatures are updated regularly as they are released by the vendor. Emails are being scanned with our email protection system. Antivirus scans all on-access files and have capability to run scans on web applications as well.

We use Avanan email protection system as our secure email gateway for all inbound/outbound emails to prevent our employees from phishing attacks and spam.

AlphaSense maintains Logs of all User Activity and can provide utilization reports upon client request.

Client Security Teams can limit AlphaSense functionality and broad access controls at a user by user level.

Recommended Virtual Machine Requirements:

To install FileSync in the virtual machine, they can download MSI here:

https://download.alpha-sense.services/alphasense-file-sync-en-3.5.1.msi

If user leverages a proxy server, there are a few configurations recommendations

If connection to these endpoints are unsuccessful, user will unlikely be able to connect and authenticate FileSync and would receive the following error message: ‘Network Error:\n Connection refused’

Else, if failure persists, the IT team should check CONNECTIONS setting on the local machine.

AlphaSense leverages the Microsoft Graph API to credential users who are syncing these sources. A user can utilize their Microsoft credentials to create a connection for their OneNote or SharePoint account and AlphaSense.

Depending on a user’s firm policy, this connection may either be unrestricted and immediately allow users to see their OneNote Notebooks or SharePoint Folders. They can proceed to sync these items and once sync is completed any additions, deletions or edits to notes or files added to these Notebooks or Folders at source will then be reflected back into AlphaSense.

In most cases, companies restrict user access and users might see similar messages as below. At this point, AlphaSense is passing a request to the user's IT administrators to enable this connection.

IT Administrators can go to Microsoft Azure Portal and review items under Activity → Admin consent requests. AlphaSense OneNote or AlphaSense SharePoint should appear on the list and will be subject to IT Admin’s permissioning.

Per Azure:

Select an application to review who requested access. After selecting an application, you will be able to approve, block, or deny the admin consent requests for the selected application.

Approving the application requires you to review the application’s permissions and grant admin consent. Granting admin consent to the application will add it to your directory and all users will be able to access it unless you restrict access to the application.

Blocking the application means that it will be added to your directory with a disabled status. Users won't be able to use it or access it.

Denying the admin consent request will not block or add the application to your directory. The request will be ignored, but may return if another user requests access.

IT Administrators may choose two different paths to permissioning under Manage → User Settings

Integrate documents from your Box account into AlphaSense, easily expanding your access to valuable internal content on the AlphaSense platform, creating a more seamless workflow experience.

By syncing your Box content to AlphaSense, you'll not only save time not needing to check multiple, disparate systems but also increase your confidence by searching all your content sets in one platform.

To sync your account:

Considerations

What is it?

The SFTP solution is crafted to facilitate swift uploads of substantial data volumes within the AlphaSense platform. It streamlines the process of importing content from shared network drives, ensuring seamless transfers without interruptions or the need for manual interventions. Additionally, it empowers users to sync multiple folders from a Windows machine directly into the AlphaSense platform.

For more details around the Installation guide, please refer the below document: https://download.alpha-sense.services/sftp-sync/SFTP%20Sync%20Installation%20Guide.pdf

Who is it suited for?

The SFTP solution is ideal for customers aiming to transfer significant volumes of their internal content without the necessity to restore metadata linked to individual documents. Not requiring a dedicated technical team for setup, this solution also offers the advantage of enabling users to effortlessly utilize Auto-synchronization features for folders.

Features Capabilities:

Limitations:

What is it?

The Ingestion API presents a streamlined solution utilizing API, facilitating the seamless upload of internal content in Bulk from the customers. This includes essential metadata linked to pertinent documents. Additionally, it empowers users by enabling attachment uploads and customized document sharing options.

Following the ingestion of internal content, the platform allows convenient access via search functionalities. Users can efficiently navigate and locate content by applying diverse filters and keyword searches within the AS platform.

For more details, visit: https://developer.alpha-sense.com/api/ingestion/

Who is it suited for?

The Ingestion API is targeted towards customers seeking to migrate their internal content into AS, while preserving metadata and gaining enhanced control over document entitlements. Integration with the customer's internal content repository is imperative for leveraging the API's capabilities, necessitating a dedicated technical team from the customer's end to effectively utilize the Ingestion API features.

Requesting an API Key

To enhance the security and management of our services, we currently handle API key distribution through a manual request process. If you require an API key for either SaaS or Private Cloud application, please follow the steps below: