Security & Compliance

Security at Consilience

Consilience AI protects customer data through a SOC 2-aligned information security program, infrastructure hosted entirely on Amazon Web Services, and encryption of all data in transit and at rest. Our platform deploys inside your own AWS environment, so your modeling data never leaves your control. We undergo independent third-party audits and penetration testing at least annually.

Last updated: May 27, 2026

SOC 2-aligned program | Hosted on AWS | Encrypted in transit & at rest | Annual third-party pen test

How we handle your data

Your data stays in your environment

Consilience is designed for financial institutions that cannot move sensitive data to third-party infrastructure. The platform runs where your data already lives.

Deploys in your AWS VPC

The Consilience platform runs inside your own AWS account — no shared infrastructure and no third-party data ingestion.

Zero data egress

Your modeling data never leaves your environment. We operate on your data where it already lives.

You own the models

Every feature has a human-readable definition and every training run is logged and versioned. No black boxes.

Organizational Security

A documented program, owned by people

Information Security Program

We maintain an information security program that is communicated across the organization and follows the criteria set forth by the SOC 2 framework — a widely recognized auditing standard from the American Institute of CPAs (AICPA).

Third-Party Audits

We undergo independent third-party assessments that test our security and compliance controls against recognized standards.

Third-Party Penetration Testing

We commission an independent third-party penetration test at least annually to confirm that the security posture of our services is uncompromised.

Roles and Responsibilities

Security roles and responsibilities are well defined and documented, and every team member is required to review and accept our security policies.

Security Awareness Training

All team members complete security awareness training covering industry-standard topics such as phishing and password management.

Confidentiality

Every team member signs and adheres to an industry-standard confidentiality agreement before their first day of work.

Background Checks

We perform background checks on all new team members in accordance with local laws.

Cloud Security

Built on AWS, encrypted end to end

Cloud Infrastructure Security

All of our services are hosted on Amazon Web Services (AWS), which operates a robust security program backed by multiple independent certifications.

AWS security

Data Hosting Security

Our own data is hosted in AWS databases located in the United States. Refer to the AWS compliance documentation for details on their physical and environmental controls.

AWS compliance

Encryption at Rest

All databases and persistent storage are encrypted at rest.

Encryption in Transit

Our applications encrypt data in transit with TLS/SSL only — traffic is served over HTTPS.

Vulnerability Scanning

We perform vulnerability scanning and actively monitor for emerging threats.

Logging and Monitoring

We actively log and monitor activity across our cloud services to detect anomalous behavior.

Business Continuity & Disaster Recovery

We use AWS backup services to reduce the risk of data loss from hardware failure, and monitoring services alert the team to any failures affecting users.

Incident Response

We maintain a process for handling information security events that covers escalation procedures, rapid mitigation, and communication.

Access Security

Least privilege, reviewed regularly

Permissions and Authentication

Access to cloud infrastructure and other sensitive tools is limited to employees who require it for their role. Where available, we enforce single sign-on (SSO), two-factor authentication (2FA), and strong password policies.

Least Privilege Access Control

We follow the principle of least privilege with respect to identity and access management.

Quarterly Access Reviews

We perform quarterly access reviews of all team members with access to sensitive systems.

Password Requirements

All team members must adhere to a minimum set of password length and complexity requirements.

Password Managers

Company-issued laptops use a password manager so team members can maintain strong, unique credentials.

Vendor & Risk Management

Threats and vendors, assessed before they reach you

Annual Risk Assessments

We undergo at least annual risk assessments to identify potential threats, including considerations for fraud, and to prioritize mitigations.

Vendor Risk Management

We determine vendor risk and complete the appropriate reviews before authorizing a new vendor.

Common questions

Security FAQ

Is Consilience AI SOC 2 compliant?

Consilience’s information security program follows the criteria set forth by the SOC 2 framework, and we undergo independent third-party assessments of our security and compliance controls. Email security@consilienceai.com to request our current compliance documentation.

Where is Consilience’s data hosted?

All Consilience services run on Amazon Web Services (AWS), with data hosted in AWS databases located in the United States. Data is encrypted in transit with TLS and encrypted at rest.

Does my data leave my environment when I use Consilience?

No. The Consilience platform deploys inside your own AWS VPC, so your modeling data never leaves your environment — there is no third-party data ingestion and no shared infrastructure.

How do I report a security vulnerability?

Email security@consilienceai.com. Our disclosure contact is also published at /.well-known/security.txt.

Contact us

If you have questions, comments, or concerns — or if you wish to report a potential security issue — please reach out. Our disclosure contact is also published at /.well-known/security.txt.

security@consilienceai.com

See also our Privacy Policy and Terms of Use.