Skip to main content
A risk vendor that hands you a list of badges is asking you to trust the badge. Alterscope’s approach is the opposite: state the practices directly, in plain terms, so a risk or procurement reviewer can evaluate them on their merits.

What this section covers

  • Security — how API keys are issued, scoped, and revoked; how the credentials you connect are encrypted (envelope encryption with a managed cloud key service); how data in transit is protected (TLS, HSTS); and the browser/request protections applied on every response (CSP, CSRF, strict CORS).
The data side of the same trust story lives under the Data pages:
  • Data provenance — where the data comes from and how it is normalized.
  • Freshness & quality — how every response states its own freshness and a quality verdict.
  • Coverage & gaps — a machine-readable inventory of what’s covered and where the gaps are.

Compliance capabilities

  • Regulatory status reference. Token regulatory classifications across jurisdictions, available through the API. The data is reference information served with a standing disclaimer — it supports your own diligence and is not legal advice.

How we talk about capabilities

We describe a control in its real shape when it’s live in the product — for example, that customer credentials are encrypted with a managed cloud key service that is mandatory in production. We describe only what is in the product today rather than blurring the line with what might come later, and we make no certification claims. If your procurement process needs a specific control or document we haven’t described here, ask — a straight answer is part of the practice.