Security, Compliance, and Governance Built for Institutional Investors

Equity Data Science (EDS) helps hedge funds, asset managers, and wealth managers adopt alternative data and research workflows with confidence — with controls designed for investment committees, security teams, and compliance.

What Your Stakeholders Care About
  • Investment Teams: Fast access to validated data and clear provenance
  • Compliance: Auditable controls, retention, and evidence on demand
  • Security: Least-privilege access, encryption, and continuous monitoring
  • Technology: Clean integration paths and operational visibility

For engaged prospects: we can share detailed security documentation after a short review and a standard confidentiality agreement.

SOC 2 Type II Certified
Hosted on AWS

Defense-in-Depth

Layered security controls across identity, data, and infrastructure.

Encryption by Default

AES-256 at rest, TLS 1.2+ in transit. AWS KMS for key management.

Audit-Ready Operations

Comprehensive logging and evidence export designed for regulated environments.

Documentation on Request

Trust Pack: assurance reports, architecture overview, and compliance materials.

Built to Earn Trust Across the Entire Investment Committee

This page is written for non-technical decision-makers first — with a clear path for security and engineering teams to go deeper when needed.

CTO: Technology
  • Clear integration options (API-first, SSO, data exports).
  • Operational visibility: uptime, monitoring, and controls in one place.
  • Fully managed SaaS — no upgrade treadmill or infrastructure burden.
  • Designed to reduce vendor sprawl and "glue code."
CIO: Risk & oversight
  • Provenance you can explain to stakeholders and auditors.
  • Policy controls aligned with regulated investment operations.
  • Fast responses to due diligence requests.
PM: Research & PMs
  • Faster time-to-insight with validated data and consistent workflows.
  • Know where data came from and how it changed — without extra work.
  • Confidence to use alternative data at scale.
GRC: Security & Compliance
  • Least-privilege access and enforceable policies.
  • Audit trails and evidence export designed for exams and internal audits.
  • Security documentation available under NDA.

The Four Pillars of Trust

We keep the story simple: a unified platform built for investment workflows, with strong security, practical compliance, and real governance around data and access.

1. Platform Integrity

Designed for institutional workflows — without patchwork.

Reduce risk and complexity by standardizing data intake, usage controls, and workflows in one place.

  • Unified Research Workflow: Intake → Analysis → Decision Support
  • Consistent Controls Across Teams and Use-Cases
  • Fewer Tools to Integrate and Maintain

2. Security

Protection that is easy to explain.

Security controls that match what institutional buyers expect — identity, encryption, monitoring, and logging.

  • Encryption in Transit and at Rest
  • Least-Privilege Access (RBAC) and strong authentication options
  • Ongoing Monitoring and Incident Response Processes

3. Compliance

Audit-Ready by Design

Immutable audit logs and exportable evidence.

  • Retention and supervision controls (configurable)
  • Contractual controls and confidentiality terms available

4. Governance

Know what you have, who can use it, and why.

Make data trustworthy by tracking lineage and enforcing permissions — from intake to decision.

  • Data Lineage and source-to-decision traceability
  • Consent/Licensing Controls and usage policy enforcement
  • Classification and Access Controls aligned to sensitivity

AI & LLM Governance

Your proprietary data stays yours. We've built hard guarantees into how EDS handles AI — no training on customer data, no retention by model providers, and deterministic calculations where accuracy matters most.

AI data protection

Zero Training. Zero Retention. Full Isolation.

Your data never improves a competitor's model. LLM providers (OpenAI, Anthropic, Google) operate in zero-retention mode with contractual guarantees.

0% training usage
Zero data retention
Vendor agreements in place
Data Protection
  • No model training — customer data is never used to train or fine-tune AI models
  • Zero retention mode — LLM providers do not store or reuse prompts or outputs
  • Contractual guarantees — vendor agreements ensure providers cannot store or reuse your data
  • Encryption everywhere — all data encrypted at rest (AES-256) and in transit (TLS 1.2+)
Data Isolation
  • Dedicated namespaces — each organization is isolated within OpenSearch and S3
  • Storage segregation — documents and embeddings separated at both storage and application layers
  • Sandboxed operations — all operations access-controlled and fully audited
  • No cross-org access — architectural boundaries prevent any cross-organization data leakage
Accuracy Safeguards
  • Deterministic financials — EPS, EBITDA, EVA computed by rule-based engines, not LLMs
  • Hybrid search — keyword matching combined with semantic vector search for precision
  • Finance-tuned embeddings — outperforms general models on FinQA and TATQA benchmarks
  • Three-layer guardrails — trusted sources, evaluation agents, and citations linking to source documents

Assurance and Compliance Materials

Buyers should never have to "take security on faith." We provide documentation and evidence for your review under NDA. Below are common requests we support.

SOC 2 Type II

Independently audited and certified. Report available under NDA during security review.

Security Testing

Third-party penetration testing program with executive summaries available upon request.

Books & Records

Configurable retention, supervision, and export workflows to support regulated operations.

BCP / DR

Business continuity and disaster recovery documentation available under NDA.

Audit Evidence

Export-ready logs and reports to streamline internal audits and external examinations.

Important: exact controls and certifications can vary by deployment and contract. We'll confirm specifics during your security review.

How Data Moves Safely Through EDS

A simple lifecycle view that non-technical stakeholders can understand — and security teams can validate.

Data lifecycle

From Intake to Audit, EDS Enforces Policy, Permissions, and Traceability.

1. Intake

Validate sources, classify sensitivity, and standardize metadata.

2. Permissions

Apply licensing/consent rules and enforce approved usage.

3. Protection

Encrypt data and control access with least privilege.

4. Orchestration

Route data to approved workflows and systems with policy checks.

5. Usage

Provide fast access with clear provenance and monitoring.

6. Audit

Capture evidence and export reports for reviews and examinations.

Technical Details (For Security & Engineering Teams)

This section is intentionally optional. Most buyers start with the outcomes above, then go deeper during security review.

Identity & access controls

We support least-privilege access patterns and enterprise authentication integrations.

  • Role-based access control (RBAC) and administrative separation of duties.
  • Support for SSO and enterprise identity providers (based on deployment).
  • Configurable access review workflows and privileged access management practices.
Encryption & key management

Data is protected with encryption controls in transit and at rest on AWS infrastructure.

  • TLS 1.2+ for all data in transit.
  • AES-256 encryption at rest using AWS KMS.
  • Key rotation and access logging via AWS CloudTrail (details shared under NDA).
Monitoring, logging, and audit evidence

We design logs and monitoring so your teams can quickly answer: "who did what, when, and why."

  • Comprehensive audit trails for access and administrative actions.
  • Alerting and anomaly detection patterns for suspicious access behavior (where applicable).
  • Export-ready reports for audits, exams, and internal reviews.
Data governance, lineage, and policy

Governance is treated as a first-class feature — not an afterthought.

  • Lineage tracking from source → transformation → usage.
  • Classification and tagging to enforce handling rules.
  • Consent/licensing controls to reduce misuse risk.
Business continuity and disaster recovery

High-availability architecture and recovery planning are part of our operational program.

  • Documented BCP/DR plans with periodic testing (summaries available under NDA).
  • RPO/RTO targets defined per deployment and contract.
  • Runbooks and escalation paths for incident response.

Due Diligence and Documentation

For engaged prospects, we provide a structured Trust Pack after a short review and standard confidentiality agreement (NDA). This keeps sensitive details protected while accelerating your internal process.

How to Get the Trust Pack

1. Request a security briefing to align on your requirements and scope.
2. Sign NDA to protect sensitive security and architecture details.
3. Receive documentation and schedule a Q&A with our team.

Trust Pack Typically Includes
  • Security program overview + control mapping
  • Architecture and data flow overview
  • Assurance reports / testing summaries (as applicable)
  • BCP/DR overview and incident response process
  • Data handling and confidentiality terms
  • Subprocessor list

Exact contents depend on scope and deployment.

Ready for a Security Review?

Tell us your environment and requirements. We'll walk through how EDS fits your compliance posture and provide the next-step documentation under NDA.
