// Trust & Security Report
Copyleaks Ltd.
Enterprise AI content detection and plagiarism detection platform with multi-modal support (text, image, video, code); serves educational institutions and enterprises for content integrity, academic integrity, GenAI governance, and copyright compliance; includes plagiarism checker, AI detector, grammar checker, text moderation, and integrations (API, LMS, browser extension, Google Docs).
Certifications held
5
Maturity
Enterprise
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on copyleaks.com“With PCI DSS, SOC 2, SOC 3, and GDPR certifications, Copyleaks ensures your data is always safe and protected.”
Verify on docs.copyleaks.com“SOC 2 certification - demonstrates security controls and practices. SOC 3 certification - provides third-party validation of security measures.”
Verify on docs.copyleaks.com“GDPR compliance - ensures adherence to data protection regulations. The EU data center (copyleaks.eu) is GDPR compliant.”
Verify on copyleaks.com“Copyleaks' current certifications and compliance standards include SOC2, GDPR, PCI Payment Card Industry Data Security Standard, and NIST Risk Management Framework (RMF).”
Verify on copyleaks.com“Copyleaks' current certifications and compliance standards include SOC2, GDPR, PCI Payment Card Industry Data Security Standard, and NIST Risk Management Framework (RMF).”
> Show 2 unconfirmed / not-held certifications
No public evidence found despite multiple vendor-domain searches. Not mentioned on homepage, compliance page, or security documentation.
No public evidence found. Not mentioned in vendor documentation or trust center materials.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
USA (copyleaks.com) and EU/Germany (copyleaks.eu - GDPR compliant instance)
Copyleaks trains its models on customer data by default. Per the Copyleaks privacy policy: 'Copyleaks uses Enterprise Customer Data to provide the Services and to train its models.' Direct customers may opt out of Copyleaks' use of their information to train models by contacting customer support, and Enterprise Customers may also elect to opt out. For Enterprise Customer Data, Copyleaks may act as an independent data controller in certain cases (as opposed to a data processor operating under a DPA when scanning submitted content per customer instructions). Users can also opt out of the Shared Data Hub feature. (Note: an earlier draft cited a more specific quote about 'fraud detection, billing' that could not be verified verbatim on a vendor page and has been replaced with the confirmed privacy-policy language.)
// Security controls
Data Encryption
AES-256 encryption for data protection; 256-bit SSL encryption for data in transit
docs.copyleaks.comInternal Network Security
All platform components communicate through secure internal company network with identity verification via SSL client certificate; all internal communication secured using TLS v1.2 or newer
copyleaks.comInfrastructure & Hosting
Hosted on Google Cloud with 24/7/365 physical protection; Microservices architecture; daily backups to different Google Cloud datacenters
copyleaks.comSecurity Testing & Monitoring
Professional R&D team routinely scans system for security issues; external security teams conduct regular penetration testing; system monitored every 5 minutes from 5 regions worldwide
copyleaks.comData Retention & Backup
Customer data backed up for at least 4 months in secure US-based data centers; two copies maintained with daily backup to different Google Cloud datacenters
copyleaks.comUser Authentication
Strong password requirements with multi-factor authentication support; suspicious device detection; unauthorized sign-in alerts
copyleaks.comPayment Processing
All payments processed through Stripe; Copyleaks does not access or store credit card information
copyleaks.com// Products & data scope
data: Text documents, essays, articles; supports 30+ languages; detects ChatGPT, Gemini, DeepSeek, Claude, and other LLMs
Claims 99% accuracy on English datasets based on internal testing; verified by multiple independent third-party studies
data: Images; detects AI-generated and manipulated images
Consumer and enterprise versions available
data: Video content; detects synthetic, manipulated, and hybrid AI videos with pinpoint accuracy
Recently launched (2026); pinpoints exactly when and where deepfakes occur
data: Text, images, code; searches 16,000+ open-access journals, 60+ trillion websites and search engines, 1M+ internal documents, 20+ code repositories; supports 100+ languages
Detects paraphrasing, character manipulation, image-based plagiarism
data: Source code across 20+ repositories
Part of governance and compliance solutions
data: Text documents
Basic writing quality tool
data: Text content
Flags inappropriate or policy-violating content
data: Fully customizable API for enterprise automation
Allows organizations to integrate detection into their workflows
data: Learning Management System plugins (e.g., Moodle)
Enables academic institutions to detect AI-generated content within LMS
data: Browser-based content checking
Chrome/browser extension for quick detection
data: Google Docs documents
Native Google Docs integration
// What to watch
- AI TRAINING ON CUSTOMER DATA: Copyleaks explicitly trains models on Enterprise Customer Data for 'improving Copyleaks' services.' While users can opt out of the Shared Data Hub, the primary model training practice uses customer submissions. This is a material data governance consideration for enterprises handling sensitive content.
- SOC 3 TERMINOLOGY: Homepage claims 'SOC 3' certification, but SOC 3 is a public report format, not a certified compliance level like SOC 2 Type II. SOC 2 Type I vs Type II distinction not specified in public materials; recommend verification.
- DUAL GDPR ROLE: Copyleaks acts as both data controller and processor depending on context. For Enterprise Customer Data, they can act as controller to train models (where contractually permitted). This dual role creates potential complexity in data agreements.
- GATED DOCUMENTATION: Compliance page (copyleaks.com/compliance-certifications) and privacy policy returned 403 Forbidden; certification details extracted from homepage and search results rather than direct trust center verification.
- NO ISO 27001 OR HIPAA: Despite claims of comprehensive security certifications, ISO 27001 and HIPAA certifications are not evident in public documentation. Product is not HIPAA-aligned for healthcare use.
// At a glance
Pricing model
Freemium (consumer free tier + paid features); subscription-based for enterprises and educational institutions
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Copyleaks Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
copyleaks.com