Trust & Security at Altss
Altss is built for institutional allocators, enterprise GPs, and regulated fund managers. Our security posture, compliance roadmap, and data methodology are published openly so your InfoSec team has what they need before the first call.
SOC 2 roadmap
Altss is currently undergoing SOC 2 Type II readiness and control monitoring through Vanta. Our control environment is being formalized for enterprise diligence, and we can share the current security posture directly with qualified prospects during review.
How we handle customer data
Workspace activity and customer inputs
- Customer research activity, notes, and saved lists are handled within access-controlled Altss systems.
- Encrypted data handling in transit and at rest.
- Workspace-scoped controls, authentication, and audit-oriented monitoring.
- Customer data is not sold or shared with third-party marketing companies.
- Customer data is not used to train external models.
How Altss builds public and product intelligence
- Platform intelligence is sourced from OSINT: public filings, regulatory disclosures, public news, verified registries, and published statements.
- No scraping of protected, gated, or authenticated content.
- No purchase of breached or leaked datasets.
- Records are built to remain traceable to public sources and verification workflows.
- Continuous re-verification cycles are described in detail on How We Collect.
Account security & access
- Permissioned access controls govern internal workflows and sensitive admin actions.
- Authentication and account-security controls are enforced for operational users.
- Audit-oriented logging supports security review and incident investigation.
- Session and credential controls are maintained as part of the broader application security posture.
Our data methodology
Altss data is built on open-source intelligence. Every record is designed to remain grounded in public sources, disciplined verification workflows, and professional fundraising context. We do not scrape gated content, purchase breached data, or aggregate private personal information outside professional market context.
- Sources include SEC filings (Form ADV, Form D, 13F), pension disclosures, Form 990/990-PF, endowment reports, sovereign wealth disclosures, verified corporate registries, and public statements.
- Verification combines OSINT sourcing, AI-assisted review, and human validation.
- Altss surfaces professional fundraising context, not personal information outside professional context.
Data subject rights & removal requests
- Individuals who want to review, correct, or remove a professional profile can contact privacy@altss.com.
- Altss reviews profile correction and removal requests in line with current policy documents and customer support workflows.
- Privacy and data-handling requests can be directed to privacy@altss.com for review.
Subprocessors
Altss maintains an evolving subprocessor view for enterprise review. If you need the current list or want to subscribe to material updates, email security@altss.com.
Incident response
Altss maintains a documented incident-response process aligned with enterprise review expectations. In the event of a security incident materially affecting customer data, Altss will notify affected customers in line with applicable law and contractual commitments.
Business continuity & uptime
- Operational monitoring and recovery planning are maintained as part of the Altss platform baseline.
- Encrypted backups and restoration workflows are part of the broader security review program.
- Enterprise security documentation can be shared during diligence conversations where appropriate.
Talk to our security team
Security posture, diligence requests, and security-review follow-ups.
Profile corrections, removal requests, and privacy-policy questions.
Route procurement, legal, and InfoSec conversations before a full sales cycle.