// Trust & Security Report

    Text, Inc. logo

    Text, Inc.

    ChatBot (ChatBot by Text) - AI-powered conversational agent for customer support, sales, and engagement across web, mobile, and messaging channels (Messenger, SMS, etc.). Part of broader Text platform including LiveChat and other communication tools.

    Certifications held

    8

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 (Type II recommended)
    HELD

    The platform holds SOC 2, GDPR, CCPA, PCI DSS, and Data Privacy Framework compliance, along with WCAG 2.2 accessibility verification.

    Verify on chatbot.com
    GDPR
    HELD

    Text commits to subjecting all personal data received from European Union (EU), European Economic Area (EEA) and Switzerland to GDPR protections (Regulation EU 2016/679). Data Privacy Framework certification effective July 10, 2023.

    Verify on chatbot.com
    CCPA/CPRA (California Consumer Privacy Act)
    HELD

    Recognition of consumer rights including data access, correction, and opt-out options. CCPA/CPRA compliance explicitly listed.

    Verify on chatbot.com
    PCI DSS
    HELD

    PCI DSS (SAQ A level). Platform for ecommerce requires PCI DSS compliance for payment data handling.

    Verify on chatbot.com
    EU-US Data Privacy Framework
    HELD

    Text has achieved certification under the EU-US DPF, obtaining adequacy status. This pivotal adequacy decision signifies that the United States provides an equivalent level of safeguard for personal data. Certification became effective July 10, 2023.

    Verify on chatbot.com
    UK Data Bridge (UK Extension to EU-US DPF)
    HELD

    Text self-certified compliance with the UK Extension to the EU-US DPF, implemented through the Data Protection (Adequacy) (United States of America) Regulations 2023, effective October 12, 2023.

    Verify on chatbot.com
    Swiss-U.S. Data Privacy Framework
    HELD

    Swiss-U.S. Data Privacy Framework (DPF) certification valid as of September 15, 2024, recognized by Swiss Federal Council for adequate data protection.

    Verify on text.com
    WCAG 2.2 (Accessibility)
    HELD

    WCAG 2.2 accessibility verification included in platform certifications.

    Verify on chatbot.com
    > Show 3 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence of certification on the vendor's own domain. The vendor's blog list of held certifications (SOC 2, GDPR, CCPA, PCI DSS, Data Privacy Framework, WCAG 2.2) does NOT include ISO 27001; the blog references ISO 27001 only as a standard organizations should pursue, not one the platform holds. The trust center (trust.text.com) does not confirm it either.

    source: chatbot.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA compliance found. ChatBot markets specifically to healthcare organizations, but HIPAA certification not mentioned in privacy policy, trust documentation, or security blog posts. Status unknown - may require enterprise contract negotiation.

    source: chatbot.com
    ISO 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 AI governance certification found despite extensive security documentation.

    source: chatbot.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Global with multiple cloud regions (Google Cloud, AWS). Data may be processed outside customer's country. EU/UK data transfers protected by Standard Contractual Clauses (Module II SCCs) and Data Privacy Framework adequacy determinations.

    Platform trains AI agent on customer-provided sources (website URL, help center docs, knowledge base, product docs) via RAG (Retrieval-Augmented Generation). Does NOT train on customer conversation data for model improvement. Customers fully control what data the agent learns from.

    // Security controls

    Encryption in Transit

    256-bit TLS encryption (versions 1.2 and 1.3) on all connections

    chatbot.com

    Encryption at Rest

    Multiple copies of personal data with recovery capability; backup copies stored separately from primary systems

    text.com

    Authentication

    Two-factor authentication (2FA) available. Passwords require minimum 12 characters with numbers, capitals, and special characters. OAuth 2.1 with short-lived tokens and PKCE mandate for API access.

    text.com

    Access Control

    Least privilege access. Personnel deactivation upon service termination. Role-based access controls with documented security policies. Unique machine identities per agent.

    text.com

    Data Compartmentalization

    Logical data compartmentalization between customers. Clients cannot access other clients' data.

    chatbot.com

    Testing & Monitoring

    Annual penetration testing. Annual risk assessments. Event logging maintained for minimum 10 days. Real-time monitoring and anomaly detection of agent actions. Immutable audit trails.

    text.com

    Infrastructure Security

    Hosted on Google Cloud and AWS. Web Application Firewall for DDoS mitigation. Endpoint detection and response (EDR) on staff devices. Software supply chain scanning.

    chatbot.com

    Incident Response

    Breach notification as required by law. Documented incident breach records maintained.

    chatbot.com

    // Products & data scope

    ChatBot (Web Widget)AI Chatbot / Customer Support

    data: Pre-chat surveys, chat conversations, ticket content. Customer-provided training data only (website, help center, docs).

    Core product. Free 14-day trial. Pricing from $19/mo. Supports multichannel deployment (website, Messenger, SMS, etc.).

    ChatBot for eCommerceSales / Customer Support

    data: Product catalog, customer data, transaction context. PCI DSS SAQ A compliance for payment handling.

    AI agent for product recommendations, sales, checkout assistance. Case study: Wembley Stadium ($1.5M in 8 months).

    ChatBot for HealthcareCustomer Support / Patient Engagement

    data: Patient inquiries, appointment scheduling, general information. HIPAA compliance not publicly documented.

    Solution marketed for healthcare but HIPAA certification status unclear. Recommend enterprise assessment.

    ChatBot for EducationStudent Support / Engagement

    data: Student inquiries, enrollment support, general campus information.

    Use cases in student support and institutional communications.

    // What to watch

    • SOC 2 specificity: Blog post states 'SOC 2 (Type II recommended)' but doesn't explicitly confirm Type II certification held. Search results suggest Type II is the goal/recommendation, not necessarily current status. Recommend vendor confirm Type I vs Type II.
    • ISO 27001 NOT held (corrected): The vendor's security blog does not list ISO 27001 among the certifications the platform holds; it references ISO 27001 only as a standard organizations should pursue. The first-pass draft had graded this held=true against a proof quote that does not literally appear on the cited page. Downgraded to held=false (no public evidence). Trust center (trust.text.com) exists but content was not accessible to confirm otherwise.
    • HIPAA gap: Platform markets to healthcare organizations but no HIPAA certification or compliance framework mentioned in public documentation. May be available under enterprise agreement only.
    • Identity verification: Vendor is 'Text, Inc.' (parent company at text.com), product is 'ChatBot' or 'ChatBot by Text' (at chatbot.com). Confirmed same entity via copyright notice and legal pages. No conflation risk.
    • Trust center accessibility: trust.text.com domain confirmed but page content not fully accessible during assessment. Further verification recommended.
    • Blog vs official stance: Certifications sourced from blog post (educational content) rather than official compliance dashboard. Blog may represent aspirational standards or generic recommendations rather than current ChatBot.com status.

    // At a glance

    Pricing model

    SaaS subscription. Free trial (14 days, no credit card required). Pricing from $19/month individual to custom enterprise plans.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Text, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.text.com

    > Browse all vendor trust reports