// Trust & Security Report
Elai Inc.
Elai is an AI-powered video generation platform for learning & development, corporate training, and compliance. Core features include text-to-video conversion, AI avatars (80+), multilingual voice cloning (28 languages), automated translations (75+ languages), and interactive video capabilities. Part of Panopto (acquired/subsidiary).
Certifications held
3
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on elai.io“you have certain rights under the General Data Protection Regulation, EU Regulation 2016/679 (the "GDPR") - with European data subject rights including access, rectification, erasure, data portability, and withdrawal of consent enumerated in the policy.”
Verify on elai.io“you have certain rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the "CCPA") - California residents receive rights to know, delete, correct data, and non-discrimination.”
Verify on elai.io“Elai, as a subsidiary of Panopto, Inc. ("Panopto"), complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework... Elai, as a subsidiary of Panopto, has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles.”
> Show 3 unconfirmed / not-held certifications
source: elai.ioNo verifiable public evidence. An AICPA SOC logo badge appears in the security-policy page footer (image links to aicpa.org), but the page carries no textual SOC 2 certification statement and cites no report or audit date; the dedicated trust center (security.elai.io) returns HTTP 403, so SOC 2 status cannot be confirmed from vendor-domain evidence.
source: elai.ioNo public evidence of ISO 27001 certification found on vendor domain or accessible security pages
source: elai.ioHIPAA not mentioned in security-policy, website-privacy-policy, or user-privacy-policy pages; no evidence found
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
USA-based AWS data centers with multiple availability zones; data may be transferred internationally to global affiliates and service providers
No explicit statement found regarding whether the AI video generation model trains on customer-generated scripts, videos, or avatars. This is a material gap for transparency, particularly for an AI video generator. Users should clarify with vendor directly.
// Security controls
Infrastructure
USA-based data centers using Amazon Web Services and DigitalOcean with multiple availability zones
elai.ioAccess controls
Role-based access; employees and systems can only access data they need for job functions
elai.ioNetwork protection
Global CDN deployment to prevent network attacks and ensure service availability
elai.ioData backup
Consistent data backup processes; all data, including backups, stored in USA-based data centers
elai.ioData processing model
Elai operates as a data processor; customers (organizations) act as data controllers and retain responsibility for data governance
elai.ioUser data controls
Users can request data deletion and download; account deletion removes all associated data
elai.io// Products & data scope
data: Scripts, text input, uploaded media (photos, videos, music), custom avatar footage, audio/voice samples for cloning
Core text-to-video platform with AI avatars, multilingual voice cloning, automated translations, and interactive features. Marketed for corporate L&D, compliance training, onboarding, and customer education.
data: Same as primary product, accessed programmatically
API integration option for enterprise customers and developers
// What to watch
- MISSING_AI_TRAINING_TRANSPARENCY: No explicit statement on vendor domain regarding whether customer-generated content (scripts, videos, voice samples) is used to train the AI video generation model. This is a material transparency gap for an AI product.
- INACCESSIBLE_TRUST_CENTER: The dedicated Trust Center (security.elai.io) returns HTTP 403 Forbidden. The security-policy page displays an AICPA SOC logo badge but makes no textual SOC 2 certification claim and cites no report, so SOC 2 cannot be verified from public vendor-domain evidence and is graded held=false pending a direct report or written attestation.
- NO_ISO_27001: ISO 27001 certification is not claimed or publicly documented. For enterprises requiring ISO 27001, this is a gap.
- NO_HIPAA: Product is not HIPAA-eligible; suitable for general corporate training but not for healthcare/medical training use cases.
- PARENT_COMPANY_DEPENDENCY: Data Privacy Framework certification flows from parent company Panopto rather than Elai Inc. directly; assess Panopto's certifications for full picture.
- DATA_RESIDENCY_LOCK: No customer control over data residency; all data stored in USA. International customers using in-country data requirements should clarify options.
// At a glance
Pricing model
Freemium + subscription tiers (pricing page available at https://elai.io/pricing/); enterprise custom quotes
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Elai Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
security.elai.io