// Trust & Security Report
DocuAsk (Singapore-based)
AI-powered document chatbot builder and document assistant platform. Primary products: (1) docuask.com - no-code chatbot creation from business documents with Collections feature, available in Starter/Essentials/Professional/Enterprise tiers; (2) docuask.ai - AI document assistant for Q&A and analysis across multiple document types.
Certifications held
1
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on docuask.ai“Privacy policy states 'alignment with global best practices and compliance standards, including the PDPA of Singapore, GDPR of Europe, and CCPA of the USA.' This is a self-declared GDPR compliance posture, not a formal certification or third-party audit. No standard contractual clauses or specific cross-border transfer mechanisms are documented on the cited page.”
> Show 8 unconfirmed / not-held certifications
source: docuask.comMarketing claim only: SOC 2 Security appears in pricing tier feature lists (Essentials and above); homepage states 'We use the same security standards as your online bank.' However, no audit report, trust center, or third-party verification found. No public evidence of actual certification.
No public evidence of ISO 27001 certification found in privacy policy, terms, or dedicated security pages.
No mention of HIPAA certification or healthcare-specific compliance in privacy policy or public documentation. No public evidence found.
No public evidence of PCI DSS certification found.
No public evidence of these cloud-specific or privacy-focused ISO certifications found.
No public evidence of AI governance certification found.
No public evidence of Cloud Security Alliance STAR certification found.
No public evidence of FedRAMP certification found.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not stated
Data region
Unspecified; privacy policy states data stored 'in jurisdictions committed to data protection' but does not name specific regions. Notes that data may be transferred to the United States and other countries. Company is Singapore-based per Tracxn/LinkedIn, and terms governed by Singapore law (Singapore International Arbitration Centre).
Privacy documentation does not explicitly state whether customer documents are used for training AI models. Platform integrates OpenAI Model Access (visible in product tiers), but data handling practices with OpenAI are not documented. No explicit 'we do not train on your data' statement found. This represents a significant gap for a document-based AI tool.
// Security controls
Encryption (general)
Privacy policy states 'appropriate administrative, technical and physical safeguards' and references encryption, but no specific protocols or standards (e.g., AES-256, TLS 1.2+) are documented.
docuask.aiData Backup & Redundancy
Regular, rigorous backups mentioned to protect against data loss.
docuask.aiAccess Controls
Privacy policy mentions restricted personnel access and backup copies, but implementation details not specified.
docuask.aiIncident Response
No incident response procedures, breach notification timelines, or SLAs documented in public materials.
Third-Party Risk Management
Platform uses OpenAI Model Access integration. Privacy policy states data may be shared with 'trusted third parties essential for delivering services' but no third-party risk assessments or vendor security requirements are publicly documented.
docuask.ai// Products & data scope
data: Customer documents (PDFs, Word Docs, images with text, video/audio, handwritten notes); message transcripts; chatbot conversations
Pricing tiers: Starter ($29/mo, 1,000 msg/mo), Essentials ($99/mo, 5,000 msg/mo), Professional ($299/mo, 15,000 msg/mo), Enterprise (custom). Tier-dependent features: SSO, custom integrations, and SOC 2 availability (claimed in Pro/Enterprise). No explicit data retention policy or AI training opt-out documented.
data: User-uploaded documents; questions and summaries; interaction history
Allows users to upload documents (any format) and ask questions. Features multilingual support, search, comparison, and summarization. Product page does not specify pricing model or whether it has different tiers. Data handling practices not clearly documented.
// What to watch
- OVER-CLAIM: SOC 2 Security is listed as a feature in Professional/Enterprise pricing tiers, but no audit report, trust center, or independent verification found. This is a marketing claim without public proof. Recommend contacting vendor or requesting SOC 2 audit report before granting certification credit.
- IDENTITY COMPLEXITY: Two active domains (docuask.com for chatbot builder, docuask.ai for document assistant) with overlapping functionality create potential for conflation or product evolution confusion. Unclear if these are one company with two products or two separate entities.
- THIN SECURITY DOCUMENTATION: No dedicated security/trust center page. Vendor does not publicly share encryption standards, incident response procedures, SLAs, or detailed third-party risk assessments. Only generic privacy policy and terms available.
- AI TRAINING AMBIGUITY: Platform integrates OpenAI Model Access but does not explicitly state whether customer documents are retained, trained on, or processed by OpenAI. No data processing agreement addendum publicly available. This is a critical gap for a document-processing tool.
- STARTUP MATURITY: Company founded 2023. No long-term track record or audit history. Rapid growth company with limited formal compliance infrastructure typical of this age/stage.
- DATA REGION VAGUENESS: Privacy policy provides no specific data center locations or residency commitments beyond generic 'jurisdictions with data protection.'
// At a glance
Pricing model
Freemium with tiered SaaS subscription (Starter $29, Essentials $99, Professional $299, Enterprise custom). Both docuask.com and docuask.ai appear to operate under similar subscription models.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on DocuAsk (Singapore-based)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
docuask.ai