// Trust & Security Report
Wondershare Software Co., Ltd.
Filmora AI - AI-powered video editing and content creation platform with 2.9M+ creative assets, available on desktop (Windows/Mac) and mobile (iOS/Android); includes AI features like text-to-video, image-to-video, object removal, auto-caption, and music generation.
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 7 unconfirmed / not-held certifications
source: wondershare.comNo public evidence found on vendor domain. Trust Center page exists but does not list SOC 2 for Filmora or any Wondershare product. (Lumin PDF, which advertises a SOC 2 Type 1 report, is a separate company, not a Wondershare product, and is not evidence for this vendor.)
source: wondershare.comNo public evidence found on vendor domain for Filmora. Wondershare PDFelement holds ISO 27001 certification, but Filmora does not list this certification.
source: wondershare.comImplements GDPR-aligned practices (Standard Contractual Clauses for international transfers, EU data residency option) but does not claim formal GDPR certification. Privacy policy states: 'if you are within the European Economic Area, your Personal Data will be processed and stored on the server in EU.'
source: wondershare.comNo public evidence found on vendor domain. Not a healthcare product; no HIPAA claims or certifications visible.
source: wondershare.comNo public evidence found on vendor domain for Filmora. Wondershare mentions PCI compliance for payment processing in general, but not specific to Filmora product certification.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
EU data residency available; Standard Contractual Clauses used for international transfers
Wondershare explicitly states: 'We do not use this data to train our own general AI models' and 'we will not use your personal data to research, develop, train and otherwise improve the AI models.' When customer content is sent to third-party AI providers (the vendor's AI privacy page names OpenAI, Azure, Eleven Labs, and PixVerse; the marketing site also cites Google's Veo model), those providers are contractually bound to process data only for service delivery. Biometric data (facial features, voiceprints) from AI features is automatically deleted after generation and not used for identification or shared with third parties.
// Security controls
Encryption in transit and at rest
SSL encryption used for payments and data transmission; general encryption for data storage mentioned but specific algorithms not detailed.
wondershare.comWeb Security Verification
Website verified by SSL Labs and Sucuri; protected by enterprise-grade security services.
wondershare.comAntivirus Verification
Software verified by McAfee, Norton, AVG; claims '100% safe, with no virus or malware.'
wondershare.comPayment Security
Payment data secured by SecureTrust with advanced encryption technology.
wondershare.comData Protection
Implements technical and organizational security measures to protect against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure.
wondershare.com// Products & data scope
data: Local video files, project data, account information; AI features send content to third-party providers with consent
Available on Windows and Mac; supports 2.9M+ creative assets; core timeline and rendering work offline; advanced AI features require internet
data: Local video files on device, account information; AI features require cloud processing
Available on iOS and Android; subset of desktop features; cloud storage for projects optional
data: Text prompts sent to Google/OpenAI servers; generated video stored locally by default
Uses Gemini 3.0 or OpenAI API; requires explicit user consent before processing
data: Images and video frames sent to Google (Veo 3.0/3.1), OpenAI (Sora 2), or Kuaishou (Kling 2.5) servers; results returned to user
Biometric data (faces, voices) automatically deleted after processing; not retained by Wondershare or providers
// What to watch
- No vendor-domain source explicitly lists formal security certifications (SOC 2, ISO 27001, HIPAA, FedRAMP) for Filmora. Trust Center page exists but does not detail specific certifications.
- Product-level certifications vs. parent-company certifications unclear: Wondershare PDFelement has ISO 27001, but not Filmora.
- Earlier Filmora versions (12.x, 13.x, 14.5.16) had local privilege escalation CVEs; recommend checking current version (15.x) patch status.
- AI training policy is clear and positive (no self-training on customer data), but relies on third-party AI providers' compliance (Google, OpenAI, Kuaishou); user consent required for data transmission.
- GDPR compliance is implemented (Standard Contractual Clauses, EU data residency) but not formally certified.
- Biometric data handling is transparent (auto-deletion post-processing) but not formally audited or certified.
// At a glance
Pricing model
Freemium (free tier with watermark) + subscription plans (monthly, yearly, lifetime)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Wondershare Software Co., Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
wondershare.com