// Trust & Security Report

    Animoto Inc. logo

    Animoto Inc.

    Cloud-based video creation and editing platform for marketing, social media, training, and business communications. Includes features for drag-and-drop editing, screen recording, collaboration, and AI-powered video generation.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance
    HELD

    Personal data previously collected from the European Union, United Kingdom, or Switzerland will continue to be protected by Animoto in an adequate manner as defined by the GDPR, including through Standard Contractual Clauses with data processors and sub-processors outside of the EU and UK.

    Verify on help.animoto.com
    > Show 6 unconfirmed / not-held certifications
    SOC 2 Type 1
    NOT CONFIRMED

    No public evidence of SOC 2 Type 1 certification found on vendor domain or public trust documentation.

    source: upguard.com
    SOC 2 Type 2
    NOT CONFIRMED

    No public evidence of SOC 2 Type 2 certification found on vendor domain or public trust documentation.

    source: upguard.com
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found on vendor domain or public trust documentation.

    source: upguard.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA compliance or certification found. Animoto is a video creation tool not positioned for healthcare data.

    source: upguard.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found on vendor domain.

    source: upguard.com
    HITRUST
    NOT CONFIRMED

    No public evidence of HITRUST certification found on vendor domain.

    source: upguard.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    United States (AWS infrastructure)

    Animoto offers AI video generation features ('AI video maker') but no public documentation found on whether training data includes customer-created content or if opt-out is available.

    // Security controls

    Encryption in Transit

    Yes, TLS/SSL with HSTS enforcement. Industry standard SHA-256 encryption.

    upguard.com

    Encryption at Rest

    Yes, AWS-managed encryption keys for data at rest.

    help.animoto.com

    Data Centers

    Amazon Web Services (AWS) infrastructure.

    help.animoto.com

    Content Security Policy (CSP)

    Not implemented - identified as security gap increasing XSS and clickjacking risks.

    upguard.com

    DNSSEC

    Not enabled - security gap identified.

    upguard.com

    CAA Records

    Not enabled - security gap identified.

    upguard.com

    SPF/DMARC

    SPF correctly configured, DMARC policy implemented (set to quarantine).

    upguard.com

    Third-Party Processor Vetting

    Animoto evaluates third-party processor privacy, security, and confidentiality practices before engagement and executes binding agreements.

    help.animoto.com

    Incident Response

    Maintains written policies governing data security, including breach response and incident management.

    help.animoto.com

    // Products & data scope

    Animoto Video CreatorVideo Creation & Editing

    data: User-uploaded media (photos, video clips, audio), project metadata, account information

    Cloud-based platform with collaboration features, screen recording, stock media integration (Getty Images), voiceover recording, and template library. Available as free tier and paid plans.

    // What to watch

    • NO MAJOR CERTIFICATIONS: Lacks SOC 2, ISO 27001, HIPAA, and other enterprise compliance certifications. No dedicated trust center.
    • DATA BREACH HISTORY: Significant 2018 data breach affecting approximately 22 million users; infostealer malware detected on systems per UpGuard.
    • SECURITY GAPS: No Content Security Policy (CSP) header, DNSSEC, or CAA records identified by UpGuard - increases XSS/clickjacking and DNS spoofing risks.
    • SECURITY RATING: UpGuard rating B (784/950) indicates moderate security posture, not enterprise-grade.
    • AI TRAINING UNDOCUMENTED: Product offers 'AI video maker' features but no public documentation on whether customer data is used for model training or if opt-out is available.
    • GROWTH MATURITY: No trust center, no major certifications, suitable for SMB/marketing use but not for regulated industries or sensitive data.
    • GDPR READY: Positive finding - Standard Contractual Clauses and data protection measures documented for EU compliance.

    // At a glance

    Pricing model

    Freemium (free tier with limited exports) plus paid subscription tiers

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Animoto Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    animoto.com

    > Browse all vendor trust reports