// Trust & Security Report

    Trelent Inc. logo

    Trelent Inc.

    Private AI platform for regulated industries; originally an AI docstring generator (VS Code / IntelliJ extension)

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 10 unconfirmed / not-held certifications
    SOC 2
    NOT CONFIRMED

    We adhere to industry best practices and we are working towards compliance certifications.

    source: security.trelent.com
    ISO 27001
    NOT CONFIRMED

    No public evidence. Trust center states: 'We are working towards compliance certifications.'

    source: security.trelent.com
    GDPR
    NOT CONFIRMED

    We follow industry best practices and follow all applicable privacy regulations. No DPA or GDPR-specific documentation publicly available.

    source: security.trelent.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA compliance or BAA. Trust center does not reference HIPAA.

    source: security.trelent.com
    PCI DSS
    NOT CONFIRMED

    No public evidence found on vendor domain.

    source: security.trelent.com
    FedRAMP
    NOT CONFIRMED

    No public evidence found on vendor domain.

    source: security.trelent.com
    ISO 27017
    NOT CONFIRMED

    No public evidence found on vendor domain.

    source: security.trelent.com
    ISO 27018
    NOT CONFIRMED

    No public evidence found on vendor domain.

    source: security.trelent.com
    ISO 42001
    NOT CONFIRMED

    No public evidence found on vendor domain.

    source: security.trelent.com
    CSA STAR
    NOT CONFIRMED

    No public evidence found on vendor domain.

    source: security.trelent.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    AWS and Azure infrastructure; Canada-based company. Private cloud and on-premises deployment options allow data to remain in customer-controlled environments.

    Trelent negotiates Zero Data Retention (ZDR) agreements with upstream AI providers (Azure OpenAI, Anthropic) so those providers process data but never store, log, or reuse it for model training. For self-hosted deployments the platform runs entirely in the customer VPC with no external data egress ('0 Bytes leave your environment'). No evidence found that Trelent itself trains on customer data, but the privacy policy PDF (app.trelent.com) was inaccessible at time of assessment, so this cannot be confirmed from the policy text directly.

    // Security controls

    Encryption in transit

    Data transmission encrypted (HTTPS/TLS) listed as a trust center control

    security.trelent.com

    Encryption at rest

    Encryption-at-rest listed as a data security control in trust center

    security.trelent.com

    HYOK (Hold Your Own Key) encryption

    Customer-controlled encryption keys; vendor claims complete customer control over key access

    security.trelent.com

    Zero Data Retention (ZDR)

    Legally binding ZDR agreements signed with AI providers (Azure OpenAI, Anthropic); inputs and outputs are not stored or logged by providers

    security.trelent.com

    Multi-Factor Authentication

    MFA listed as an application security control in trust center

    security.trelent.com

    SSO

    SAML2 and OIDC SSO integration available

    security.trelent.com

    Cloud infrastructure

    Amazon Web Services and Microsoft Azure listed as infrastructure providers

    security.trelent.com

    Endpoint security

    Disk encryption, Endpoint Detection and Response (EDR), and Mobile Device Management (MDM) listed as controls

    security.trelent.com

    Network security

    Anti-DDoS protection and firewall controls listed in trust center

    security.trelent.com

    Penetration testing

    Pentest report listed as an available document in trust center resources (available upon request)

    security.trelent.com

    Vulnerability monitoring

    Vulnerability and system monitoring procedures established listed as a product security control

    security.trelent.com

    Incident response

    Incident response policies established listed as an internal security procedures control

    security.trelent.com

    Audit logging

    Comprehensive activity tracking and monitoring available for enterprise deployments

    trelent.com

    Access controls

    Production database access restricted, production OS access restricted, encryption key access restricted listed in trust center infrastructure security

    security.trelent.com

    Deployment options

    Public cloud, private cloud, and on-premises deployments available; self-hosted option keeps all data within customer VPC

    trelent.com

    // Products & data scope

    Docstring AI / VS Code Extension (legacy)Developer Tools

    data: Code snippets and functions submitted via VS Code or IntelliJ extension for automated docstring generation; supports C#, Java, JavaScript, Python

    Original product that gave rise to the 'docstring-ai' slug. Appears to be de-emphasized or deprecated as company has pivoted. Extension still listed on VS Code Marketplace as of last check.

    Trelent Private AI PlatformEnterprise AI / Secure AI Workflow Automation

    data: Sensitive business documents, financial statements, legal documents, compliance data, and regulated-industry workflows processed through a private AI pipeline

    Current primary product. Targets financial services, legal, and cybersecurity sectors. Includes data ingestion, intelligent search, and agent orchestration layers. All components deployable in customer VPC ('0 Bytes leave your environment'). ZDR agreements with Azure OpenAI and Anthropic apply.

    Trelent ChatEnterprise AI Chat

    data: Chat messages and connected document content (Google Drive, Box); processed under ZDR agreements with AI providers

    Drop-in replacement for ChatGPT/Claude web for enterprise teams handling sensitive information. Supports Claude 3.5 and GPT-4. Offers HYOK encryption and SSO (SAML2, OIDC).

    // What to watch

    • NO CERTIFICATIONS HELD: Trust center explicitly states 'We are working towards compliance certifications' as of June 2026. No SOC 2, ISO 27001, HIPAA, GDPR DPA, or any other cert is publicly held.
    • PRIVACY POLICY INACCESSIBLE: Privacy policy PDF (app.trelent.com/TrelentPrivacyPolicy2024.pdf) could not be fetched; app.trelent.com domain did not resolve at assessment time. Privacy posture inferred from trust center and product descriptions only.
    • NO DPA: No publicly available Data Processing Agreement found; trust center does not link to one.
    • PRODUCT PIVOT / SLUG MISMATCH: Directory slug 'docstring-ai' reflects the legacy VS Code docstring extension. The company (Trelent Inc.) has pivoted to an enterprise private AI platform for regulated industries. The listing name and slug should be reviewed for accuracy.
    • TRUST CENTER IN DEVELOPMENT: SafeBase trust center notes 'We are currently working with experts to put together our company policies' and 'We will post our grades from public security rating agencies when they become available.' Corporate policies are not yet finalized.
    • QUESTIONNAIRES ON REQUEST ONLY: 'We are working on our security compliance. We can provide completed questionnaires upon request.' No self-service security documentation.
    • AI TRAINING POSTURE UNVERIFIABLE FROM POLICY: ZDR agreements with upstream AI providers (Azure OpenAI, Anthropic) are documented, but Trelent's own data use practices cannot be confirmed from the privacy policy text since the document was inaccessible at assessment time.
    • CANADA-BASED STARTUP: Company is headquartered in Canada with relatively few public-facing compliance documents; pre-certification stage is consistent with a growth-stage startup.

    // At a glance

    Pricing model

    Custom enterprise pricing (quote-based); pricing page exists at trelent.com/pricing but tiers not publicly disclosed

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Trelent Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    security.trelent.com

    > Browse all vendor trust reports