// Trust & Security Report

    Copyleaks Ltd. logo

    Copyleaks Ltd.

    Enterprise AI content detection and plagiarism detection platform with multi-modal support (text, image, video, code); serves educational institutions and enterprises for content integrity, academic integrity, GenAI governance, and copyright compliance; includes plagiarism checker, AI detector, grammar checker, text moderation, and integrations (API, LMS, browser extension, Google Docs).

    Certifications held

    5

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    With PCI DSS, SOC 2, SOC 3, and GDPR certifications, Copyleaks ensures your data is always safe and protected.

    Verify on copyleaks.com
    SOC 3
    HELD

    SOC 2 certification - demonstrates security controls and practices. SOC 3 certification - provides third-party validation of security measures.

    Verify on docs.copyleaks.com
    GDPR Compliance
    HELD

    GDPR compliance - ensures adherence to data protection regulations. The EU data center (copyleaks.eu) is GDPR compliant.

    Verify on docs.copyleaks.com
    PCI DSS
    HELD

    Copyleaks' current certifications and compliance standards include SOC2, GDPR, PCI Payment Card Industry Data Security Standard, and NIST Risk Management Framework (RMF).

    Verify on copyleaks.com
    NIST Risk Management Framework (RMF)
    HELD

    Copyleaks' current certifications and compliance standards include SOC2, GDPR, PCI Payment Card Industry Data Security Standard, and NIST Risk Management Framework (RMF).

    Verify on copyleaks.com
    > Show 2 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence found despite multiple vendor-domain searches. Not mentioned on homepage, compliance page, or security documentation.

    HIPAA
    NOT CONFIRMED

    No public evidence found. Not mentioned in vendor documentation or trust center materials.

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    USA (copyleaks.com) and EU/Germany (copyleaks.eu - GDPR compliant instance)

    Copyleaks trains its models on customer data by default. Per the Copyleaks privacy policy: 'Copyleaks uses Enterprise Customer Data to provide the Services and to train its models.' Direct customers may opt out of Copyleaks' use of their information to train models by contacting customer support, and Enterprise Customers may also elect to opt out. For Enterprise Customer Data, Copyleaks may act as an independent data controller in certain cases (as opposed to a data processor operating under a DPA when scanning submitted content per customer instructions). Users can also opt out of the Shared Data Hub feature. (Note: an earlier draft cited a more specific quote about 'fraud detection, billing' that could not be verified verbatim on a vendor page and has been replaced with the confirmed privacy-policy language.)

    // Security controls

    Data Encryption

    AES-256 encryption for data protection; 256-bit SSL encryption for data in transit

    docs.copyleaks.com

    Internal Network Security

    All platform components communicate through secure internal company network with identity verification via SSL client certificate; all internal communication secured using TLS v1.2 or newer

    copyleaks.com

    Infrastructure & Hosting

    Hosted on Google Cloud with 24/7/365 physical protection; Microservices architecture; daily backups to different Google Cloud datacenters

    copyleaks.com

    Security Testing & Monitoring

    Professional R&D team routinely scans system for security issues; external security teams conduct regular penetration testing; system monitored every 5 minutes from 5 regions worldwide

    copyleaks.com

    Data Retention & Backup

    Customer data backed up for at least 4 months in secure US-based data centers; two copies maintained with daily backup to different Google Cloud datacenters

    copyleaks.com

    User Authentication

    Strong password requirements with multi-factor authentication support; suspicious device detection; unauthorized sign-in alerts

    copyleaks.com

    Payment Processing

    All payments processed through Stripe; Copyleaks does not access or store credit card information

    copyleaks.com

    // Products & data scope

    AI Text DetectorAI Detection

    data: Text documents, essays, articles; supports 30+ languages; detects ChatGPT, Gemini, DeepSeek, Claude, and other LLMs

    Claims 99% accuracy on English datasets based on internal testing; verified by multiple independent third-party studies

    AI Image DetectorAI Detection

    data: Images; detects AI-generated and manipulated images

    Consumer and enterprise versions available

    AI Video DetectorAI Detection

    data: Video content; detects synthetic, manipulated, and hybrid AI videos with pinpoint accuracy

    Recently launched (2026); pinpoints exactly when and where deepfakes occur

    Plagiarism CheckerPlagiarism Detection

    data: Text, images, code; searches 16,000+ open-access journals, 60+ trillion websites and search engines, 1M+ internal documents, 20+ code repositories; supports 100+ languages

    Detects paraphrasing, character manipulation, image-based plagiarism

    Code Plagiarism CheckerCode Analysis

    data: Source code across 20+ repositories

    Part of governance and compliance solutions

    Grammar CheckerWriting Tools

    data: Text documents

    Basic writing quality tool

    Text ModerationContent Moderation

    data: Text content

    Flags inappropriate or policy-violating content

    API IntegrationIntegration

    data: Fully customizable API for enterprise automation

    Allows organizations to integrate detection into their workflows

    LMS IntegrationIntegration

    data: Learning Management System plugins (e.g., Moodle)

    Enables academic institutions to detect AI-generated content within LMS

    Browser ExtensionIntegration

    data: Browser-based content checking

    Chrome/browser extension for quick detection

    Copyleaks for Google DocsIntegration

    data: Google Docs documents

    Native Google Docs integration

    // What to watch

    • AI TRAINING ON CUSTOMER DATA: Copyleaks explicitly trains models on Enterprise Customer Data for 'improving Copyleaks' services.' While users can opt out of the Shared Data Hub, the primary model training practice uses customer submissions. This is a material data governance consideration for enterprises handling sensitive content.
    • SOC 3 TERMINOLOGY: Homepage claims 'SOC 3' certification, but SOC 3 is a public report format, not a certified compliance level like SOC 2 Type II. SOC 2 Type I vs Type II distinction not specified in public materials; recommend verification.
    • DUAL GDPR ROLE: Copyleaks acts as both data controller and processor depending on context. For Enterprise Customer Data, they can act as controller to train models (where contractually permitted). This dual role creates potential complexity in data agreements.
    • GATED DOCUMENTATION: Compliance page (copyleaks.com/compliance-certifications) and privacy policy returned 403 Forbidden; certification details extracted from homepage and search results rather than direct trust center verification.
    • NO ISO 27001 OR HIPAA: Despite claims of comprehensive security certifications, ISO 27001 and HIPAA certifications are not evident in public documentation. Product is not HIPAA-aligned for healthcare use.

    // At a glance

    Pricing model

    Freemium (consumer free tier + paid features); subscription-based for enterprises and educational institutions

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Copyleaks Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    copyleaks.com

    > Browse all vendor trust reports