Security
Third-party verified, enterprise-grade security
Certified, audited, and ready for your security review.
500,000+
Protecting data from brands products globally
1 in 4
World’s top F&B companies trust us with their most sensitive data
100%
Big Four audit pass rate
Meet enterprise security
requirements from day one
ISO 27001 Certified
SOC 2 Type II Attested
SAML 2.0 & OIDC
SCIM Provisioning
Encryption in Transit & at rest
Protect sensitive data with layered security controls
Enterprise-grade cloud infrastructure with strong tenant isolation, layered security controls, and continuous threat monitoring.
No single point of compromise
Defence in depth at the architecture level. Multiple overlapping controls mean if one layer is compromised, others remain in place.
Explore CSRD reporting
Data protected at every layer
Data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Data remains encrypted throughout processing and storage with no plaintext exposure.
Explore CSRD reporting
Detect and respond to threats in real-time
The platform is continuously monitored for security events and anomalies with automated threat detection and response. SIEM systems log all access and actions.
Explore CSRD reporting
Integrate identity and enforce your policies
Integrate with your existing identity infrastructure and enforce your own access policies. Control exactly who accesses what, track every action, and eliminate shadow IT and orphaned accounts.
SAML 2.0, OIDC, and SCIM provisioning
Integrate with any major Enterprise Identity Provider. Automate user lifecycle management. If you don't use SSO, we enforce strong credentials and 2FA.
Fully configure permissions
Define roles based on job responsibilities: sustainability leads, analysts, external partners, auditors. Configure granular access at Business Unit and Data Source level. You control who sees what.
Comprehensive audit logging
Get a complete audit trail of all user actions, data access, and configuration changes. Export logs for your SIEM or compliance systems.
Independently verified by third-party auditors
Accelerate security review with ISO 27001 and SOC 2 Type II verification. Download audit reports and certifications from our Trust Center – objective evidence ready when you need it.
See more about Security
ISO 27001 and SOC 2 Type II certified
Continuously verified by independent auditors against ISO 27001 and SOC 2 Type II standards.
Explore CSRD reporting
Documentation ready when you need it
ISO 27001 certificates, SOC 2 Type II reports, penetration test summaries, and security questionnaire responses. All available under NDA via our Trust Center. No chasing documentation.
Explore CSRD reporting
We work with your security team
We work directly with your security, risk, and compliance teams on you vendor assessments, security questionnaires and any other requirements. We've passed security review for some of the largest enterprises globally.
Read more about Security
Get rid of climate busywork
Independent assurance is a core part of our security approach. We work regularly with enterprise security, risk, and compliance teams – supporting vendor risk assessments, responding to security questionnaires, and aligning on customer-specific requirements.
Further information (including audit reports, certifications, and supporting security
documentation) is available via our Trust Center.
Further information (including audit reports, certifications, and supporting security
documentation) is available via our Trust Center.
Built for messy enterprise data
Altruistiq Data has been designed for the reality of enterprise sustainability data – inconsistent naming, mixed formats, legacy systems, and incomplete fields.
We automatically handle data transformation and classification using AI. Your data stays in Altruistiq's ISO 27001-certified environment, always.
Not a rigid template system
Altruistiq doesn't force you into predefined formats. It adapts to your data structure, whether that's disconnected Excels, ERP exports, or well-organized data lakes.
Explore CSRD reporting
Full traceability
Every data transformation, classification decision, and mapping choice is tracked in the audit log. See exactly how raw data became clean, categorized emissions data.
Explore CSRD reporting
Stay in control
Evie does the heavy lifting but never makes changes without your approval. Review, adjust, or undo any action before it's final.
Explore CSRD reporting
“There’s been so much joy for me in being able to visually tell a story through the data. I think for me it’s about being able to communicate impact in a way that anyone can understand.”
Emma Detain
Sustainability Manager @ Huel
Read the full story
"If I was doing that in Excel, it would take me like days. I couldn't even put into words how much time I saved."
Elliot Baird
Impact Analyst @ GrowUp Farms
Read the full story
"We need to calculate our footprint and measure our impact in a way that is robust, auditable, and at a very large scale."
"We need to calculate our footprint and measure our impact in a way that is robust, auditable, and at a very large scale."
“Having better quality data and being more accurate in our analysis allows us to support better decision making. Altruistiq has really enabled that.”
“Having better quality data and being more accurate in our analysis allows us to support better decision making. Altruistiq has really enabled that.”
"We can now see the footprint of a bottle of ketchup, broken down into its components. It's completely new information that used to take months to collect. That is just transformative."
“We're seeing analysis like we've never seen before with the Altruistiq platform. I can actually see the bottle of ketchup and the impact broken down into components. It's completely new information that used to take months to collect.”
That’s not all we do
What you can achieve with our
Emissions Factors Database
Improve Scope 3 Accuracy
Integrate supplier-specific data and granular emissions factors across your value chain.
Explore Scope 3 accuracy
Eco-Design
Make better product design decisions with granular ingredient and material factors.
Explore Eco-Design
Decarbonisation
Identify hotspots you'd miss with generic averages. Model initiative impact with specific factors.
Explore Decarbonisation
Security is a partnership
Have specific security or compliance requirements? Contact our security team.
We work directly with enterprise IT and procurement to support vendor risk
assessments and align on custom needs.
We work directly with enterprise IT and procurement to support vendor risk
assessments and align on custom needs.
FAQs
What security certifications does Altruistiq hold?
ISO 27001 certified and SOC 2 Type II attested. Independent auditors verify our controls continuously against industry standards.
How is customer data encrypted?
Data is encrypted in transit using TLS 1.2+ and at rest using AES-256. No plaintext exposure during processing or storage.
Does Altruistiq integrate with our identity provider?
Yes. We support SAML 2.0, OIDC, and SCIM provisioning for integration with any major Enterprise Identity Provider. If you don't use SSO, we enforce strong credentials and 2FA.
Can we configure our own access controls?
Yes. Define roles based on job responsibilities and configure granular access at Business Unit and Data Source level. You control who sees what.
How do we access audit reports and certifications?
ISO 27001 certificates, SOC 2 Type II reports, penetration test summaries, and security questionnaire responses are available via our Trust Center.
What if the regulations change after we've built our compliance workflow?
Your data model doesn't need rebuilding when frameworks update. Because data is organised by business activity (not by reporting standard) you apply new disclosure logic without re-collecting anything. Regulations multiply; your compliance infrastructure doesn't.
Do you support vendor risk assessments?
Yes. We work directly with your security, risk, and compliance teams on vendor assessments, security questionnaires, and any other requirements. We've passed security review for some of the largest enterprises globally.
How do you detect and respond to threats?
The platform is continuously monitored for security events and anomalies with automated threat detection and response. SIEM systems log all access and actions.
What about data security?
SOC-2 certified. ISO27001 compliant. Your data never leaves your secure instance with Evie AI.
- Push-based data transfer (more secure – you control what we receive)
- Your data security is non-negotiable
- Row-by-row audit trail for full transparency
- AWS-powered infrastructure
- SSO ready for enterprise access control
With Evie, your data stays in your secure instance, it’s never sent externally for AI processing. You have complete control.
What about data security?
SOC-2 certified. ISO27001 compliant. Your data never leaves your secure instance with Evie AI.
- Push-based data transfer (more secure – you control what we receive)
- Your data security is non-negotiable
- Row-by-row audit trail for full transparency
- AWS-powered infrastructure
- SSO ready for enterprise access control
With Evie, your data stays in your secure instance, it’s never sent externally for AI processing. You have complete control.
©2026 Expanding Circle Ltd, all rights reserved.