Dataminr embeds Security by Design, Privacy by Design, and Responsible AI throughout its Systems and Software Development Life Cycle (SDLC) to ensure controls are well designed and operating effectively. Trust controls are implemented and monitored by dedicated internal teams and verified by qualified, internationally accredited third-party auditors. Dataminr regularly conducts security, privacy, and AI governance audits, and results are presented to top management.
Dataminr has developed and maintains modern security infrastructure and tools including AI-enabled preventative and detective solutions to protect customer assets:
Red Teaming & Penetration Testing
Comprehensive application and network penetration testing is conducted at least annually by qualified, independent security firms. Testing providers are rotated to ensure diverse coverage and fresh perspectives on potential vulnerabilities. Third-party red teaming, including social engineering and AI adversarial testing, is conducted at least annually. Additionally, Dataminr’s internal Trust team members conduct penetration testing periodically throughout the year to cover new products and features. Agentic AI-enabled automated red teaming and penetration testing runs continuously throughout the year.
Access management
Dataminr maintains a strict need-based approach to managing user access, with a unique identifier assigned to each user (no shared accounts). SAML 2.0 support is available for customers to integrate their preferred Single Sign-On (SSO) solution.
Enterprise-Class VPN
Access to Dataminr’s production environment is protected by a VPN with multi-factor authentication (MFA).
Physical Security
Third-party managed data centers use biometric access controls, extensive video surveillance, and 24/7 security personnel, and they maintain a complete log of access events.
Secure Development Life Cycle (SDLC)
Dataminr applies a privacy-and-security-by-design approach, including approval processes, segregation of duties, peer code review, automated code scanning, and Quality Assurance (QA). Separate test and production environments are maintained, and customer data is not permitted in Dataminr’s test environment.
Configuration Management
Configuration baselines are established and enforced, with hardening standards consistently applied. Baseline configurations are kept current and continuously monitored so that deviations are detected and remediated.
Network Security
Dataminr utilizes a multi-layered approach with extensive use of security groups configured to deny all traffic by default and allow only well-defined, explicitly permitted traffic. Industry-standard Web Application Firewall (WAF) technology is maintained in front of Dataminr’s customer-facing applications.
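The deny-by-default security group model described above is only as good as the check that verifies it. The following is an added example, not Dataminr’s code: it audits a set of AWS-style security groups (the rule shape mirrors the IpPermissions structure returned by boto3’s describe_security_groups, but the groups themselves are constructed sample data) and reports every ingress rule reachable from the Internet that is not on an explicit edge allowlist. The group ID "sg-edge" and the assumption that only ports 80 and 443 may be Internet-facing are hypothetical.

```python
"""Audit AWS-style security group rules for deviations from deny-by-default.

Added example, not Dataminr's code. Input mirrors the IpPermissions shape of
boto3 describe_security_groups; the SAMPLE_GROUPS below are constructed data.
"""
from typing import Iterable

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"

# Assumption (hypothetical): only the load-balancer/WAF edge group may accept
# Internet traffic, and only on HTTPS (443) and HTTP (80, for redirects).
PUBLIC_EDGE_GROUPS = {"sg-edge"}
PUBLIC_EDGE_PORTS = {80, 443}


def _ports(rule: dict) -> str:
    """Human-readable port range; protocol '-1' means all traffic."""
    if rule.get("IpProtocol") == "-1":
        return "all traffic"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return f"{lo}" if lo == hi else f"{lo}-{hi}"


def _open_to_world(rule: dict) -> bool:
    """True if any IPv4 or IPv6 source range is the whole Internet."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return ANY_V4 in cidrs or ANY_V6 in cidrs


def _allowed_edge_rule(rule: dict) -> bool:
    """Only single-port TCP rules on the allowlisted ports may face the Internet."""
    if rule.get("IpProtocol") != "tcp":
        return False
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return lo == hi and lo in PUBLIC_EDGE_PORTS


def audit_security_groups(groups: Iterable[dict]) -> list[str]:
    """Return one finding per Internet-reachable ingress rule that is not on
    the edge allowlist. An empty list means deny-by-default holds."""
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        for rule in sg.get("IpPermissions", []):
            if not _open_to_world(rule):
                continue  # source-restricted (CIDR or another security group)
            if gid in PUBLIC_EDGE_GROUPS and _allowed_edge_rule(rule):
                continue  # expected Internet-facing edge rule
            findings.append(
                f"{gid}: {rule.get('IpProtocol')} {_ports(rule)} open to the Internet"
            )
    return findings


# Constructed sample: an edge group (with one stray SSH rule), an app group
# that only trusts the edge group, and a database group exposed to the world.
SAMPLE_GROUPS = [
    {"GroupId": "sg-edge", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-edge"}]},
    ]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]},
]

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS):
        print(finding)
```

Run against live data by passing the SecurityGroups list from describe_security_groups instead of SAMPLE_GROUPS. Note that the check treats a rule referencing another security group (sg-app trusting sg-edge) as source-restricted, and that an IPv6 "::/0" range is as exposed as "0.0.0.0/0"; audits that only look at IPv4 ranges miss that case.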
Encryption
Dataminr leverages industry-standard encryption technologies to protect the confidentiality of customer data. Customer data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
Logging and Monitoring
Dataminr conducts infrastructure and application logging utilizing industry standard software solutions. AI-enabled intrusion prevention and detection systems are monitored by Dataminr’s 24/7/365 SOC. Anomalies are promptly investigated and addressed.
Architecture
Dataminr utilizes cloud infrastructure as a service (IaaS), leveraging a modern containerized microservice architecture and zero-trust network segmentation. Architecture diagrams are maintained and reviewed annually.
Data Loss Prevention (DLP)
Dataminr’s multi-tiered approach to DLP covers both production and corporate information resources. Dataminr’s DLP program enables systematic detection and prevention of suspicious or inappropriate data handling, creating an additional layer of protection for confidential data.
Threat Intelligence
Dataminr utilizes third-party threat intelligence services together with internal analysis to assess relevance and any needed mitigation. Real-time threat intelligence covers, among other things, denial-of-service activity, zero-day vulnerabilities, public exploits, and actively exploited vulnerabilities.
Incident Management
Dataminr has implemented a NIST-based incident response plan that includes clearly defined roles and responsibilities, communication requirements, as well as procedures for incident preparation, detection/identification, escalation, containment, eradication, recovery, and lessons learned. Appropriate channels for reporting incidents are communicated and maintained.
Asset Management
Dataminr maintains complete asset inventories covering hardware, software, and data resources with asset owners responsible for protecting confidentiality, integrity, and availability throughout the complete life cycle.
Third-party Risk
Dataminr’s third-party risk program includes security assessments of proposed and existing suppliers to ensure comprehensive trust programs have been implemented.
Training & Awareness
Employees complete security training upon hire and annually thereafter. Specialized annual training in areas such as secure coding is provided to the appropriate teams. Phishing simulations are conducted on a quarterly basis.
Security Operations
Dataminr maintains a 24/7/365 security operations center (SOC) for continuous customer protection. A third-party specialist incident response firm has been retained for rapid support in the unlikely event of a security or privacy incident.
Vulnerability Management
Internal and external application and network scans, along with dynamic and static application security testing (DAST and SAST), are conducted using industry-standard software solutions. Risk treatments are promptly identified, documented, and prioritized by qualified personnel. Dataminr also employs next-generation red teaming and administers a private bug bounty program.
Resiliency
Dataminr maintains business continuity and disaster recovery (BCDR) plans that outline the procedures to be followed in the event of an availability incident. Testing is conducted at least annually, including a lessons learned component. Additionally, redundant availability zones and cross-region data replication within Dataminr’s AWS infrastructure help to safeguard availability.
Dataminr is committed to strict protection of personal data for its customers and employees, with emphasis on the following areas:
Privacy Impact Assessments
Dataminr conducts privacy impact assessments, data processing impact assessments, and other applicable privacy assessments. Privacy controls are implemented to treat identified risks.
Data Governance
Dataminr applies data protection and privacy principles to data processing activities, including confidentiality, limitations on data access and use, data minimization, data security, data disposal, and purpose limitation.
Data Residency
Dataminr is headquartered in the United States with subsidiaries in Canada, the United Kingdom, Ireland, France, Germany, Denmark, and Australia. Dataminr’s platform is hosted on AWS in Northern Virginia, United States.
Privacy Affiliations
Dataminr’s dedicated privacy and security professionals hold certifications from organizations such as the Information Systems Audit and Control Association (ISACA) and the International Association of Privacy Professionals (IAPP). Dataminr is a corporate member of the IAPP.
Regulatory Compliance
Dataminr has implemented processes and technologies to comply with GDPR, CCPA, and other global privacy regulations.
Data Processing Addendums (DPAs)
Dataminr uses a data processing addendum, where appropriate, to address the relevant responsibilities, restrictions, and obligations that apply when Dataminr acts as a data processor (or in a similar role).
Cross-border Data Transfers
Personal data is only transferred across borders with appropriate mechanisms applied, in accordance with data processing terms.
Data Subject Requests (DSRs)
Dataminr has procedures to assist customers (who act as Personal Data Controllers) in addressing data subject requests. Documented DSR procedures ensure requests are processed accurately and promptly.
Training & Awareness
Employees complete privacy training upon hire and annually thereafter covering the U.S. Privacy Act, the EU GDPR, and the CCPA.
Third-party Risk
Dataminr’s third-party risk program includes privacy assessments of proposed and existing suppliers to ensure appropriate privacy practices have been implemented.
Dataminr integrates Trust by Design practices throughout the complete AI system life cycle, from initial planning and development through deployment and operations.
Responsible AI Framework
Dataminr is among the first 40 organizations worldwide to earn ISO 42001 AI Governance certification, demonstrating our strong commitment to internationally recognized standards for Responsible AI. This certification provides third-party assurance of our AI governance practices. Additionally, Dataminr has adopted NIST’s AI Risk Management Framework.
Reliability & Safety
Our AI systems undergo rigorous testing protocols including adversarial testing, performance validation across diverse scenarios, and safeguards to help prevent false positives. We maintain human oversight processes to ensure consistent performance and appropriate model behavior.
Continuous Improvement
We continuously monitor our AI systems and implement iterative improvements based on quality assessments, performance metrics, emerging best practices, and customer feedback.
Training & Awareness
Employees complete AI governance training upon hire and annually thereafter. Specialized annual training in areas such as OWASP Top 10 Risk and Mitigations for LLMs & GenAI Applications is provided to the appropriate teams.
Third-party Risk
Dataminr maintains a third-party risk program that includes AI assessments of proposed and existing suppliers to ensure AI governance.
Model Testing
Standardized procedures govern the selection of training, validation, and test datasets, and potential impacts on model performance are carefully considered. Dataminr rigorously tests its AI models to identify vulnerabilities and weaknesses, using the OWASP Top 10 for LLM Applications as a reference together with a specialized model scanning solution. Additionally, third-party adversarial model testing is conducted at least annually.
Customer Assurance
Dataminr maintains multiple industry-leading certifications and compliance attestations which are verified annually by top internationally accredited third-party auditors:
ISO 42001: International standard that provides a framework for establishing, implementing, and maintaining an AI Management System (AIMS) to ensure responsible development, governance, and use of AI.
ISO 27001: Leading international standard for establishing, implementing, and maintaining an Information Security Management System (ISMS), providing a systematic approach to manage security risk and protect the confidentiality, integrity, and availability of data.
ISO 27701: Extension to ISO 27001 that provides requirements and guidance for establishing, implementing, and maintaining a Privacy Information Management System (PIMS) to help organizations comply with international privacy regulations like GDPR.
NIST SP 800-171: U.S. NIST Special Publication that specifies security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems.
SOC 2 Type 2: Independent attestation under AICPA standards that examines both the design and the operating effectiveness of a service organization’s controls over a specified period of time.
Compliance Program Management
Dataminr’s compliance program includes regular internal assessments and continuous control monitoring. Formal management review of the overall Trust program is conducted at least quarterly, including review of risk treatment plans and remediation activities. Compliance requirements are addressed throughout the software development lifecycle.
Regulatory Alignment
Our compliance program addresses requirements across multiple international frameworks and jurisdictions, including GDPR, CCPA, and the U.S. Privacy Act for data protection, as well as alignment with the NIST AI Risk Management Framework for AI governance.