// Trust & Security Report
Opera Norway AS (Opera Limited, parent - NASDAQ: OPRA)
Opera AI (formerly Aria) — a free, browser-integrated AI assistant with image generation, file analysis, YouTube transcription, and web summarization. Available in Opera browser (desktop and mobile) with no account required; optional login for extended features.
Certifications held
2
Maturity
Enterprise
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on channeleye.media“Opera Group Limited has officially achieved ISO 27001:2022 certification, awarded by the British Standards Institution (BSI), marking a significant milestone in Opera's commitment to safeguarding information assets.”
Verify on opera.com“Opera Norway AS is subject to GDPR as a European company headquartered in Oslo, Norway. Privacy policy explicitly states GDPR compliance. Data Protection Officer: Lillian Blackadder (CIPP certified).”
> Show 3 unconfirmed / not-held certifications
source: security.opera.comNo public evidence of SOC 2 certification found on Opera's security portal (security.opera.com) or official documentation.
source: seraphicsecurity.comNo HIPAA compliance claimed. Security research notes that processing sensitive healthcare data (patient portals, medical records) through Opera AI creates HIPAA violations due to OpenAI/Google data processing.
source: seraphicsecurity.comNo PCI-DSS compliance. Processing payment card data or customer account information through Opera AI creates PCI-DSS violations.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Europe (Norway); processing may transit through OpenAI (US) and Google (multiple regions) servers for inference
Opera explicitly states: 'Opera AI does not use information that you provide in the AI chat, nor the content of websites that you are browsing, to train AI models.' However, chat data is processed by third-party providers (OpenAI, Google) for inference. OpenAI retains anonymized portions for 30 days; Google retains max 24 hours. Users advised not to input personal data, sensitive documents, or photos.
// Security controls
Chat Encryption in Transit & at Rest
Yes — chat history encrypted on Opera servers, stored for 30 days. OpenAI/Google store anonymized portions per their policies (30 days and 24 hours respectively).
help.opera.comVPN Service Audit
Opera's VPN service independently audited by Deloitte and Cure53; no-log policy verified by Deloitte.
help.opera.comData Access Isolation
Opera AI can only access data explicitly provided in chat or active tab/Tab Island. Browser data, other services, and background activity are inaccessible to the AI.
help.opera.comDefault Privacy Features
Built-in ad blocking, third-party cookie blocking, VPN integration, certificate verification, crash report control, analytics opt-out.
opera.com// Products & data scope
data: Active tab/Tab Island content, user-provided text, image uploads (for analysis)
Free tier (no account required); paid features available with login. Image generation, file analysis, YouTube video summarization, text translation, voice I/O. Processes data through OpenAI and Google APIs.
// What to watch
- ISO 27001:2022 certification is for 'Opera Group Limited' parent entity (September 2025); scope of applicability to specific products (browser, AI) not explicitly documented. Appears to be enterprise-wide certification.
- Third-party data processing risk: Chat and web content processed by OpenAI and Google servers. While anonymized, users handle HIPAA/PCI-DSS liability when summarizing sensitive data.
- No SOC 2 certification found; no HIPAA or PCI-DSS compliance claims. Not suitable for regulated industries handling healthcare/payment data.
- No dedicated trust center or public security audit report published for Opera AI specifically.
- Product is browser-integrated, not standalone SaaS; security posture tied to Opera browser security model.
// At a glance
Pricing model
Freemium (free tier built into browser; premium features available)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Opera Norway AS (Opera Limited, parent - NASDAQ: OPRA)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
opera.com