// Trust & Security Report
Altered Ltd
Altered AI voice changer / voice content creation suite (Altered Studio, Altered RealTime Pro)
Certifications held
3
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on altered.ai“Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.”
> Show 2 unconfirmed / not-held certifications
source: altered.aiWe will not store or collect Your payment card details... These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not stated
Data region
unknown
No explicit statement that customer audio/voice is or is not used to train Altered's models. The privacy policy lists service-improvement and analytics as a use of Personal Data ('to evaluate and improve our Service'), but does not specifically address training voice models on user uploads. The product mitigates this for some workflows by offering fully local processing: marketing pages state 'Clone locally on your own PC without exposing your data to any server' and 'Without cloud transfers, your data never leaves your premises' (Local cloning). Cloud ('Rapid') and Custom services do send audio to Altered/cloud infrastructure (AWS, plus Google/Microsoft for speech transcription). Voice cloning of a real person and Custom Voice services raise consent/biometric considerations the user must manage. Treat training-on-customer-data as UNVERIFIED, not confirmed-false.
// Security controls
Encryption
Not verified - no specific encryption-in-transit/at-rest statement found on any page. Privacy policy includes a generic 'no method of transmission over the Internet... is 100% secure' disclaimer.
altered.aiLocal / on-device processing option
Yes - Local cloning runs on the user's own machine; 'Local processing ensures your privacy', 'your data never leaves your premises'. Strongest privacy control offered.
altered.aiSub-processors
Amazon AWS (account management, audio file storage/transfer), Google and Microsoft (cloud speech transcription), Stripe/Chargebee/GoCardless (payments).
altered.aiPenetration testing
Not verified - no mention found.
Bug bounty program
None found - no HackerOne, Bugcrowd, or self-managed program referenced on any page.
Content authenticity / watermarking
Stated intent: ethics page pledges 'logs and digital signatures (audio watermarking)' to trace synthetic content and supports detectability of synthetic media.
altered.aiGoogle API limited-use compliance
States adherence to Google API Services User Data Policy Limited Use; will not use Google Drive data for ads and restricts human access.
altered.ai// Products & data scope
data: User uploads audio/video Content. Cloud-based workflows ('Rapid' cloning, transcription) send audio to AWS plus Google/Microsoft transcription services. Personal/account data (email, name, phone, address, payment, usage data) collected.
Desktop application. Voice cloning available either locally (data stays on device) or via cloud (Rapid).
data: Real-time voice morphing runs on local CPU (1-4 cores) for low latency, suggesting on-device processing for the live transform; account/usage data still collected by the service.
Real-time path is described as CPU/local for latency; live audio handling specifics not formally documented.
data: Processing performed by Altered ('Altered' column in comparison). Involves submitting target voice recordings to Altered; highest third-party data exposure of the three options. Raises consent/biometric-data obligations.
Dedicated account manager; contact-sales motion. Best to request a DPA and consent terms directly.
// What to watch
- No trust center, no security page (altered.ai/security 404), no published SOC 2 / ISO 27001.
- Encryption in transit/at rest not documented anywhere on the site.
- Whether customer voice uploads are used to train models is not explicitly stated - treat as unverified, not safe-by-default. Cloud and Custom workflows transmit audio to AWS/Google/Microsoft.
- Voice cloning + Custom Voice services involve biometric/voice-identity data and third-party consent obligations the customer must manage; no DPA located.
- Home page footer still shows 'Copyright 2022-2023' though Terms were updated June 2025 - site freshness mixed.
- Small UK company (Altered Ltd, Company No. 11564329); startup-stage compliance maturity is normal for this category.
// At a glance
Pricing model
Paid subscription (monthly/annual, auto-renewing), with free trial; tiered licences (Creator licence for <5 employees and <$100k revenue; Commercial licence for broader use). In-app purchases via app stores possible.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Altered Ltd's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
altered.ai