// Trust & Security Report

    Coqui (Defunct) logo

    Coqui (Defunct)

    Open-source text-to-speech and voice synthesis toolkit (XTTS V2). The commercial SaaS service (Coqui Studio, API) shut down in January 2024. The open-source GitHub projects continue to be maintained by the community.

    Certifications held

    0

    Maturity

    Unknown

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 7 unconfirmed / not-held certifications
    SOC 2 Type 1 or Type 2
    NOT CONFIRMED

    Company shut down January 2024. coquitts.com returns 403 Forbidden. No SOC 2 report accessible from vendor domain. Nudge Security profile claims SOC 2 but no actual certificate found via search.

    source: github.com
    ISO 27001
    NOT CONFIRMED

    Company defunct as of January 2024. No ISO 27001 certificate accessible from vendor domain. Nudge Security lists but not verified against vendor source.

    source: analyticsindiamag.com
    GDPR Compliance
    NOT CONFIRMED

    Company no longer operates. Service discontinued January 2024. No active GDPR compliance posture. Historical privacy policy (if any) is no longer accessible - coquitts.com returns 403 Forbidden.

    source: github.com
    HIPAA
    NOT CONFIRMED

    Company shut down January 2024. No evidence of HIPAA certification held by vendor. Nudge Security profile mentions but no vendor-domain proof available.

    PCI DSS
    NOT CONFIRMED

    Company defunct. No vendor-domain evidence of PCI DSS certification.

    FedRAMP
    NOT CONFIRMED

    Company shut down January 2024. No FedRAMP authorization found. Nudge Security lists but not vendor-verified.

    CSA STAR
    NOT CONFIRMED

    Company defunct. No CSA STAR certification found via vendor domain or cloud security alliance registry search.

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    Unknown

    Open-source Coqui TTS library available on GitHub/Hugging Face. Can be deployed locally with no data transmission to external servers. The commercial SaaS service that may have had data handling practices is now defunct. No information available on whether the SaaS service trained on user voice data.

    // Security controls

    Deployment Model

    Open-source library deployable locally (no phone-home), reducing privacy risk if used on-premises. Commercial SaaS service is defunct.

    github.com

    Encryption

    Unknown for defunct SaaS service. Open-source library: no built-in encryption specified in documentation.

    github.com

    Data Storage

    SaaS service defunct. Open-source version stores no data remotely when deployed locally.

    github.com

    // Products & data scope

    Coqui TTS (XTTS V2)Text-to-Speech / Voice Synthesis

    data: Open-source library. Processes input text and audio locally if self-hosted.

    Supports 17 languages and voice cloning from 10-second audio samples. No longer has a commercial SaaS offering.

    Coqui Studio (Defunct)Text-to-Speech API / SaaS

    data: Service shut down January 2024

    Commercial SaaS service that has been discontinued. No longer available for use.

    // What to watch

    • VENDOR DEFUNCT: Coqui AI shut down in January 2024. Commercial services no longer available.
    • DOMAIN HIJACKING: Original coqui.ai domain is now parked with an unrelated Indonesian gambling website (UNIKBET), not Coqui's content.
    • SERVICE INACCESSIBLE: coquitts.com (the SaaS service URL) returns HTTP 403 Forbidden.
    • OVER-CLAIM RISK: Nudge Security profile lists SOC 2, ISO 27001, HIPAA, GDPR, FedRamp, and CSA STAR certifications, but none of these can be verified from vendor-domain sources. No actual certificates found via search.
    • NO TRUST CENTER: No accessible trust center, security page, or compliance documentation available.
    • IDENTITY UNCERTAINTY: The assessment targets a defunct company. Only the open-source GitHub projects remain active.
    • CERTIFICATION STATUS UNKNOWN: If any certifications were held during operations (2023 and earlier), they are not verifiable and are no longer maintained or renewed post-shutdown.

    // At a glance

    Pricing model

    Open-source (free) for library. SaaS service (Studio, API) is defunct.

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Coqui (Defunct)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    github.com

    > Browse all vendor trust reports