// Trust & Security Report

    DocuAsk (Singapore-based) logo

    DocuAsk (Singapore-based)

    AI-powered document chatbot builder and document assistant platform. Primary products: (1) docuask.com - no-code chatbot creation from business documents with Collections feature, available in Starter/Essentials/Professional/Enterprise tiers; (2) docuask.ai - AI document assistant for Q&A and analysis across multiple document types.

    Certifications held

    1

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance Posture
    HELD

    Privacy policy states 'alignment with global best practices and compliance standards, including the PDPA of Singapore, GDPR of Europe, and CCPA of the USA.' This is a self-declared GDPR compliance posture, not a formal certification or third-party audit. No standard contractual clauses or specific cross-border transfer mechanisms are documented on the cited page.

    Verify on docuask.ai
    > Show 8 unconfirmed / not-held certifications
    SOC 2 (Type 1 or 2 unspecified)
    NOT CONFIRMED

    Marketing claim only: SOC 2 Security appears in pricing tier feature lists (Essentials and above); homepage states 'We use the same security standards as your online bank.' However, no audit report, trust center, or third-party verification found. No public evidence of actual certification.

    source: docuask.com
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found in privacy policy, terms, or dedicated security pages.

    HIPAA
    NOT CONFIRMED

    No mention of HIPAA certification or healthcare-specific compliance in privacy policy or public documentation. No public evidence found.

    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found.

    ISO 27017 / ISO 27018 / ISO 27701
    NOT CONFIRMED

    No public evidence of these cloud-specific or privacy-focused ISO certifications found.

    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of AI governance certification found.

    CSA STAR
    NOT CONFIRMED

    No public evidence of Cloud Security Alliance STAR certification found.

    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP certification found.

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not stated

    Data region

    Unspecified; privacy policy states data stored 'in jurisdictions committed to data protection' but does not name specific regions. Notes that data may be transferred to the United States and other countries. Company is Singapore-based per Tracxn/LinkedIn, and terms governed by Singapore law (Singapore International Arbitration Centre).

    Privacy documentation does not explicitly state whether customer documents are used for training AI models. Platform integrates OpenAI Model Access (visible in product tiers), but data handling practices with OpenAI are not documented. No explicit 'we do not train on your data' statement found. This represents a significant gap for a document-based AI tool.

    // Security controls

    Encryption (general)

    Privacy policy states 'appropriate administrative, technical and physical safeguards' and references encryption, but no specific protocols or standards (e.g., AES-256, TLS 1.2+) are documented.

    docuask.ai

    Data Backup & Redundancy

    Regular, rigorous backups mentioned to protect against data loss.

    docuask.ai

    Access Controls

    Privacy policy mentions restricted personnel access and backup copies, but implementation details not specified.

    docuask.ai

    Incident Response

    No incident response procedures, breach notification timelines, or SLAs documented in public materials.

    Third-Party Risk Management

    Platform uses OpenAI Model Access integration. Privacy policy states data may be shared with 'trusted third parties essential for delivering services' but no third-party risk assessments or vendor security requirements are publicly documented.

    docuask.ai

    // Products & data scope

    DocuAsk Chatbot Builder (docuask.com)No-code AI Chatbot Creator

    data: Customer documents (PDFs, Word Docs, images with text, video/audio, handwritten notes); message transcripts; chatbot conversations

    Pricing tiers: Starter ($29/mo, 1,000 msg/mo), Essentials ($99/mo, 5,000 msg/mo), Professional ($299/mo, 15,000 msg/mo), Enterprise (custom). Tier-dependent features: SSO, custom integrations, and SOC 2 availability (claimed in Pro/Enterprise). No explicit data retention policy or AI training opt-out documented.

    DocuAsk AI Document Assistant (docuask.ai)Document Q&A & Analysis Tool

    data: User-uploaded documents; questions and summaries; interaction history

    Allows users to upload documents (any format) and ask questions. Features multilingual support, search, comparison, and summarization. Product page does not specify pricing model or whether it has different tiers. Data handling practices not clearly documented.

    // What to watch

    • OVER-CLAIM: SOC 2 Security is listed as a feature in Professional/Enterprise pricing tiers, but no audit report, trust center, or independent verification found. This is a marketing claim without public proof. Recommend contacting vendor or requesting SOC 2 audit report before granting certification credit.
    • IDENTITY COMPLEXITY: Two active domains (docuask.com for chatbot builder, docuask.ai for document assistant) with overlapping functionality create potential for conflation or product evolution confusion. Unclear if these are one company with two products or two separate entities.
    • THIN SECURITY DOCUMENTATION: No dedicated security/trust center page. Vendor does not publicly share encryption standards, incident response procedures, SLAs, or detailed third-party risk assessments. Only generic privacy policy and terms available.
    • AI TRAINING AMBIGUITY: Platform integrates OpenAI Model Access but does not explicitly state whether customer documents are retained, trained on, or processed by OpenAI. No data processing agreement addendum publicly available. This is a critical gap for a document-processing tool.
    • STARTUP MATURITY: Company founded 2023. No long-term track record or audit history. Rapid growth company with limited formal compliance infrastructure typical of this age/stage.
    • DATA REGION VAGUENESS: Privacy policy provides no specific data center locations or residency commitments beyond generic 'jurisdictions with data protection.'

    // At a glance

    Pricing model

    Freemium with tiered SaaS subscription (Starter $29, Essentials $99, Professional $299, Enterprise custom). Both docuask.com and docuask.ai appear to operate under similar subscription models.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on DocuAsk (Singapore-based)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    docuask.ai

    > Browse all vendor trust reports