// Trust & Security Report

    Deep AI, Inc. logo

    Deep AI, Inc.

    Consumer AI creative tools (image generator, video generator, music composer, chat, voice chat, photo editor) plus custom enterprise AI solutions for governments, nonprofits, and research organizations. Free tier with public generations; Pro tier at $9.99/month; APIs for developers.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type I or II)
    NOT CONFIRMED

    No public evidence on vendor domain. Third-party vendor platform Nudge Security lists SOC 2 compliance, but this claim is not documented on deepai.org, privacy policy, terms, or any dedicated security/compliance page.

    source: deepai.org
    ISO 27001
    NOT CONFIRMED

    No public evidence on vendor domain. Nudge Security lists ISO 27001 compliance, but no supporting documentation found on deepai.org.

    source: deepai.org
    GDPR
    NOT CONFIRMED

    Privacy policy includes GDPR-specific section for UK/Europe users stating 'appropriate safeguards, such as contractual clauses' for international transfers, but no formal GDPR compliance certification documented. Company states data is stored in US servers.

    source: deepai.org
    HIPAA
    NOT CONFIRMED

    No public evidence on vendor domain. Nudge Security lists HIPAA compliance, but no supporting documentation found on deepai.org. Privacy policy does not mention HIPAA.

    source: deepai.org
    FedRAMP
    NOT CONFIRMED

    No public evidence on vendor domain. Nudge Security lists FedRAMP compliance, but not documented on deepai.org.

    source: deepai.org
    PCI DSS
    NOT CONFIRMED

    No public evidence on vendor domain.

    source: deepai.org
    CSA STAR
    NOT CONFIRMED

    No public evidence on vendor domain. Nudge Security lists CSA Star Level 1, but not documented on deepai.org.

    source: deepai.org

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not offered

    Data region

    United States

    Privacy policy explicitly states: 'we use information to develop new products and services, including to train our artificial intelligence models.' Users can opt out via the 'Your Privacy Choices' link in the website header. Policy also states the company 'may enter into agreements to license certain information to third parties for their own business and commercial purposes, including training artificial intelligence models,' with opt-out available.

    // Security controls

    Data Storage Location

    United States servers

    deepai.org

    International Data Transfer Safeguards

    Contractual clauses (stated as general approach, no specific mechanism detailed)

    deepai.org

    Encryption in Transit

    Not explicitly documented

    deepai.org

    User Authentication

    Basic authentication; no mention of MFA in privacy docs

    deepai.org

    Third-Party Infrastructure

    AWS, Google Workspace, Mailgun, Google Analytics, Sentry, GitHub, Outreach.io

    security-profiles.nudgesecurity.com

    // Products & data scope

    AI ChatConversational AI

    data: Chat inputs/outputs; can opt out of AI training

    Free tier available; trained on customer data unless user opts out

    AI Image GeneratorImage Generation

    data: User prompts and generated images; public by default on free tier, private on Pro tier

    Generated images are free of copyright; can opt out of AI training via privacy choices

    AI Video GeneratorVideo Generation

    data: Video prompts and outputs

    Part of creative suite; AI training opt-out applies

    AI Music GeneratorMusic Generation

    data: Music prompts and compositions

    Part of creative suite; AI training opt-out applies

    Voice ChatVoice AI

    data: Voice inputs

    Realistic AI voice interactions; AI training opt-out applies

    Photo EditorImage Editing

    data: Photos and edits

    Background remover, colorizer, super resolution, image replace tools

    APIsDeveloper Tools

    data: API requests and outputs

    Available for integration into third-party products; AI training opt-out applies

    Custom Enterprise SolutionsEnterprise AI

    data: Custom projects for governments, nonprofits, research organizations

    Includes specialized computer vision, perception pipelines, custom deployment; no public information on data handling or compliance for enterprise tier

    // What to watch

    • Over-claim risk: Third-party vendor platform (Nudge Security) lists DeepAI as compliant with SOC 2, ISO 27001, HIPAA, FedRAMP, and CSA STAR Level 1. However, NONE of these certifications are documented on deepai.org's own website, privacy policy, terms of service, or any dedicated security/compliance page. When searching specifically on the vendor domain for these certs, no results appear. Recommend direct vendor contact to verify status.
    • Security posture gaps: Business Digital Index security assessment rated DeepAI 91/100 overall but flagged 'medium risk to be leaked' with issues including 25 SSL configuration problems, 16 phishing/malware concerns, 8 corporate credential breaches, and 17% of employees reusing breached passwords. This contradicts claims of advanced security certifications.
    • Minimal security documentation: Privacy policy provides very basic security statements (general contractual safeguards for international transfers) with no mention of encryption, security architecture, or compliance frameworks. No dedicated trust center or security documentation page exists.
    • AI training by default: User data (including generated content and prompts) is used to train AI models by default. While opt-out is available via privacy choices, this is a material data practice that requires clear consent. Generated images are also public by default on free tier.
    • Small team / growth stage: Company has ~20 employees and $2.2M revenue (2025), which raises questions about ability to maintain enterprise-grade security and compliance programs. Though company does take on custom enterprise projects.
    • Limited liability: Terms of service cap liability at amount paid or $100 (whichever is greater), severely limiting recourse for data breaches or service failures.
    • No DPA / BAA: No Data Processing Agreement or Business Associate Agreement mentioned, limiting viability for regulated data (healthcare, financial).
    • Data ownership clarity: Users retain ownership of generated content; generated AI images are free of copyright. This is positive for users but should be verified for enterprise use cases.

    // At a glance

    Pricing model

    Freemium (free tier with public generations by default; Pro at $9.99/month; custom enterprise pricing)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Deep AI, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    deepai.org

    > Browse all vendor trust reports