// Trust & Security Report
Deep AI, Inc.
Consumer AI creative tools (image generator, video generator, music composer, chat, voice chat, photo editor) plus custom enterprise AI solutions for governments, nonprofits, and research organizations. Free tier with public generations; Pro tier at $9.99/month; APIs for developers.
Certifications held
0
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 7 unconfirmed / not-held certifications
source: deepai.orgNo public evidence on vendor domain. Third-party vendor platform Nudge Security lists SOC 2 compliance, but this claim is not documented on deepai.org, privacy policy, terms, or any dedicated security/compliance page.
source: deepai.orgNo public evidence on vendor domain. Nudge Security lists ISO 27001 compliance, but no supporting documentation found on deepai.org.
source: deepai.orgPrivacy policy includes GDPR-specific section for UK/Europe users stating 'appropriate safeguards, such as contractual clauses' for international transfers, but no formal GDPR compliance certification documented. Company states data is stored in US servers.
source: deepai.orgNo public evidence on vendor domain. Nudge Security lists HIPAA compliance, but no supporting documentation found on deepai.org. Privacy policy does not mention HIPAA.
source: deepai.orgNo public evidence on vendor domain. Nudge Security lists FedRAMP compliance, but not documented on deepai.org.
source: deepai.orgNo public evidence on vendor domain. Nudge Security lists CSA Star Level 1, but not documented on deepai.org.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Not offered
Data region
United States
Privacy policy explicitly states: 'we use information to develop new products and services, including to train our artificial intelligence models.' Users can opt out via the 'Your Privacy Choices' link in the website header. Policy also states the company 'may enter into agreements to license certain information to third parties for their own business and commercial purposes, including training artificial intelligence models,' with opt-out available.
// Security controls
International Data Transfer Safeguards
Contractual clauses (stated as general approach, no specific mechanism detailed)
deepai.orgThird-Party Infrastructure
AWS, Google Workspace, Mailgun, Google Analytics, Sentry, GitHub, Outreach.io
security-profiles.nudgesecurity.com// Products & data scope
data: Chat inputs/outputs; can opt out of AI training
Free tier available; trained on customer data unless user opts out
data: User prompts and generated images; public by default on free tier, private on Pro tier
Generated images are free of copyright; can opt out of AI training via privacy choices
data: Video prompts and outputs
Part of creative suite; AI training opt-out applies
data: Music prompts and compositions
Part of creative suite; AI training opt-out applies
data: Voice inputs
Realistic AI voice interactions; AI training opt-out applies
data: Photos and edits
Background remover, colorizer, super resolution, image replace tools
data: API requests and outputs
Available for integration into third-party products; AI training opt-out applies
data: Custom projects for governments, nonprofits, research organizations
Includes specialized computer vision, perception pipelines, custom deployment; no public information on data handling or compliance for enterprise tier
// What to watch
- Over-claim risk: Third-party vendor platform (Nudge Security) lists DeepAI as compliant with SOC 2, ISO 27001, HIPAA, FedRAMP, and CSA STAR Level 1. However, NONE of these certifications are documented on deepai.org's own website, privacy policy, terms of service, or any dedicated security/compliance page. When searching specifically on the vendor domain for these certs, no results appear. Recommend direct vendor contact to verify status.
- Security posture gaps: Business Digital Index security assessment rated DeepAI 91/100 overall but flagged 'medium risk to be leaked' with issues including 25 SSL configuration problems, 16 phishing/malware concerns, 8 corporate credential breaches, and 17% of employees reusing breached passwords. This contradicts claims of advanced security certifications.
- Minimal security documentation: Privacy policy provides very basic security statements (general contractual safeguards for international transfers) with no mention of encryption, security architecture, or compliance frameworks. No dedicated trust center or security documentation page exists.
- AI training by default: User data (including generated content and prompts) is used to train AI models by default. While opt-out is available via privacy choices, this is a material data practice that requires clear consent. Generated images are also public by default on free tier.
- Small team / growth stage: Company has ~20 employees and $2.2M revenue (2025), which raises questions about ability to maintain enterprise-grade security and compliance programs. Though company does take on custom enterprise projects.
- Limited liability: Terms of service cap liability at amount paid or $100 (whichever is greater), severely limiting recourse for data breaches or service failures.
- No DPA / BAA: No Data Processing Agreement or Business Associate Agreement mentioned, limiting viability for regulated data (healthcare, financial).
- Data ownership clarity: Users retain ownership of generated content; generated AI images are free of copyright. This is positive for users but should be verified for enterprise use cases.
// At a glance
Pricing model
Freemium (free tier with public generations by default; Pro at $9.99/month; custom enterprise pricing)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Deep AI, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
deepai.org