// Trust & Security Report
Trelent Inc.
Private AI platform for regulated industries; originally an AI docstring generator (VS Code / IntelliJ extension)
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 10 unconfirmed / not-held certifications
source: security.trelent.comWe adhere to industry best practices and we are working towards compliance certifications.
source: security.trelent.comNo public evidence. Trust center states: 'We are working towards compliance certifications.'
source: security.trelent.comWe follow industry best practices and follow all applicable privacy regulations. No DPA or GDPR-specific documentation publicly available.
source: security.trelent.comNo public evidence of HIPAA compliance or BAA. Trust center does not reference HIPAA.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
AWS and Azure infrastructure; Canada-based company. Private cloud and on-premises deployment options allow data to remain in customer-controlled environments.
Trelent negotiates Zero Data Retention (ZDR) agreements with upstream AI providers (Azure OpenAI, Anthropic) so those providers process data but never store, log, or reuse it for model training. For self-hosted deployments the platform runs entirely in the customer VPC with no external data egress ('0 Bytes leave your environment'). No evidence found that Trelent itself trains on customer data, but the privacy policy PDF (app.trelent.com) was inaccessible at time of assessment, so this cannot be confirmed from the policy text directly.
// Security controls
Encryption in transit
Data transmission encrypted (HTTPS/TLS) listed as a trust center control
security.trelent.comEncryption at rest
Encryption-at-rest listed as a data security control in trust center
security.trelent.comHYOK (Hold Your Own Key) encryption
Customer-controlled encryption keys; vendor claims complete customer control over key access
security.trelent.comZero Data Retention (ZDR)
Legally binding ZDR agreements signed with AI providers (Azure OpenAI, Anthropic); inputs and outputs are not stored or logged by providers
security.trelent.comMulti-Factor Authentication
MFA listed as an application security control in trust center
security.trelent.comCloud infrastructure
Amazon Web Services and Microsoft Azure listed as infrastructure providers
security.trelent.comEndpoint security
Disk encryption, Endpoint Detection and Response (EDR), and Mobile Device Management (MDM) listed as controls
security.trelent.comNetwork security
Anti-DDoS protection and firewall controls listed in trust center
security.trelent.comPenetration testing
Pentest report listed as an available document in trust center resources (available upon request)
security.trelent.comVulnerability monitoring
Vulnerability and system monitoring procedures established listed as a product security control
security.trelent.comIncident response
Incident response policies established listed as an internal security procedures control
security.trelent.comAudit logging
Comprehensive activity tracking and monitoring available for enterprise deployments
trelent.comAccess controls
Production database access restricted, production OS access restricted, encryption key access restricted listed in trust center infrastructure security
security.trelent.comDeployment options
Public cloud, private cloud, and on-premises deployments available; self-hosted option keeps all data within customer VPC
trelent.com// Products & data scope
data: Code snippets and functions submitted via VS Code or IntelliJ extension for automated docstring generation; supports C#, Java, JavaScript, Python
Original product that gave rise to the 'docstring-ai' slug. Appears to be de-emphasized or deprecated as company has pivoted. Extension still listed on VS Code Marketplace as of last check.
data: Sensitive business documents, financial statements, legal documents, compliance data, and regulated-industry workflows processed through a private AI pipeline
Current primary product. Targets financial services, legal, and cybersecurity sectors. Includes data ingestion, intelligent search, and agent orchestration layers. All components deployable in customer VPC ('0 Bytes leave your environment'). ZDR agreements with Azure OpenAI and Anthropic apply.
data: Chat messages and connected document content (Google Drive, Box); processed under ZDR agreements with AI providers
Drop-in replacement for ChatGPT/Claude web for enterprise teams handling sensitive information. Supports Claude 3.5 and GPT-4. Offers HYOK encryption and SSO (SAML2, OIDC).
// What to watch
- NO CERTIFICATIONS HELD: Trust center explicitly states 'We are working towards compliance certifications' as of June 2026. No SOC 2, ISO 27001, HIPAA, GDPR DPA, or any other cert is publicly held.
- PRIVACY POLICY INACCESSIBLE: Privacy policy PDF (app.trelent.com/TrelentPrivacyPolicy2024.pdf) could not be fetched; app.trelent.com domain did not resolve at assessment time. Privacy posture inferred from trust center and product descriptions only.
- NO DPA: No publicly available Data Processing Agreement found; trust center does not link to one.
- PRODUCT PIVOT / SLUG MISMATCH: Directory slug 'docstring-ai' reflects the legacy VS Code docstring extension. The company (Trelent Inc.) has pivoted to an enterprise private AI platform for regulated industries. The listing name and slug should be reviewed for accuracy.
- TRUST CENTER IN DEVELOPMENT: SafeBase trust center notes 'We are currently working with experts to put together our company policies' and 'We will post our grades from public security rating agencies when they become available.' Corporate policies are not yet finalized.
- QUESTIONNAIRES ON REQUEST ONLY: 'We are working on our security compliance. We can provide completed questionnaires upon request.' No self-service security documentation.
- AI TRAINING POSTURE UNVERIFIABLE FROM POLICY: ZDR agreements with upstream AI providers (Azure OpenAI, Anthropic) are documented, but Trelent's own data use practices cannot be confirmed from the privacy policy text since the document was inaccessible at assessment time.
- CANADA-BASED STARTUP: Company is headquartered in Canada with relatively few public-facing compliance documents; pre-certification stage is consistent with a growth-stage startup.
// At a glance
Pricing model
Custom enterprise pricing (quote-based); pricing page exists at trelent.com/pricing but tiers not publicly disclosed
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Trelent Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
security.trelent.com