// Trust & Security Report

    PearlMountain Limited logo

    PearlMountain Limited

    AI-powered online video editor and maker with templates, AI avatars, and video generation tools. Includes screen recording, text-to-speech, subtitle generation, background removal, and video effects.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    There are international standards relating to personal data processing and use, such as the General Data Protection Regulation (GDPR), to which FlexClip adheres.

    Verify on flexclip.com
    > Show 6 unconfirmed / not-held certifications
    SOC 2 (Type I or Type II)
    NOT CONFIRMED

    No public evidence on vendor domain. Nudge Security claimed SOC 2 compliance, but FlexClip's privacy policy and public domain contain no SOC 2 attestation, audit report, or trust center reference.

    source: flexclip.com
    ISO 27001
    NOT CONFIRMED

    No public evidence on vendor domain. No mention of ISO 27001 certification in privacy policy, terms, or company information pages.

    source: flexclip.com
    HIPAA
    NOT CONFIRMED

    No public evidence on vendor domain. FlexClip is a general-purpose video editing tool; no HIPAA-specific safeguards or healthcare compliance claims documented.

    source: flexclip.com
    PCI DSS
    NOT CONFIRMED

    No public evidence on vendor domain. Payment card data is outsourced to third-party payment processors; no PCI DSS self-certification or compliance statement by FlexClip found.

    source: flexclip.com
    FedRAMP
    NOT CONFIRMED

    No public evidence on vendor domain. Nudge Security claimed FedRAMP compliance, but FlexClip is a consumer/SMB video tool with no U.S. government contract or federal security requirements.

    source: flexclip.com
    CSA STAR Level 1
    NOT CONFIRMED

    No public evidence on vendor domain. No Cloud Security Alliance certification or registry membership mentioned on FlexClip's website.

    source: flexclip.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Multiple regions (international transmission and storage across regions mentioned in privacy policy); specific data residency options not documented

    FlexClip explicitly commits in its Terms of Use: 'FlexClip will not use any of your Content for artificial intelligence (AI) model training, machine learning, or any other data analysis purposes.' Privacy policy reiterates this for Google Workspace API data. No customer video content or projects are used for AI training.

    // Security controls

    Encryption in Transit

    No specific transport protocol or TLS version is documented on the vendor domain. The privacy policy states only that payment details are encrypted before being passed to a third-party payment processor.

    flexclip.com

    Encryption at Rest

    No specific at-rest encryption standard (e.g., AES-256) is documented on the vendor domain. The privacy policy describes only general physical, electronic, and procedural security measures.

    flexclip.com

    Physical Security

    Described as employing 'internationally accepted standards and safeguards, including physical, electronic and procedural security measures'

    flexclip.com

    Payment Data Handling

    Credit card details directly passed to third-party payment processors; not retained on FlexClip servers

    flexclip.com

    Data Breach Liability

    Company explicitly disclaims: 'no method of information transmission or information storage is 100% secure or error-free'

    flexclip.com

    Backup Service

    Not offered. Company states: 'PearlMountain Limited is not offering any backup service.' Data loss from account removal is not covered.

    flexclip.com

    // Products & data scope

    FlexClip Online Video EditorVideo Editing / Creation

    data: Video files, images, text, audio, project metadata. AI features (avatars, text-to-speech, video generation) ingest these user inputs.

    Primary product; web-based, no installation required. Free and paid tiers. Supports collaborative editing.

    AI Video GeneratorAI Tools

    data: Text prompts, articles, URLs converted to video content. Processes user input to generate video.

    Generates videos from text or URLs. Uses AI but does not train on customer inputs per ToS.

    AI AvatarAI Tools

    data: User scripts and text; AI model generates avatar video presentations.

    Generates AI avatar videos from text. User text is input to existing models, not used for training.

    AI Text-to-SpeechAI Tools

    data: User text input; converted to audio via TTS models.

    Converts text to natural-sounding voices. Multi-language support. Not trained on customer data.

    // What to watch

    • OVER-CLAIM DISCREPANCY: Nudge Security profile claims FlexClip holds SOC 2, HIPAA, ISO 27001, FedRamp, and CSA Star Level 1 certifications. Extensive search of FlexClip's own domain (privacy policy, terms, about page, help center) found NO public evidence or documentation of any of these certifications. Either Nudge's claims are unverified inferences, or FlexClip is making self-reported claims not published on its public domain. Per procurement standards, unverified vendor claims should not be accepted. RECOMMEND DIRECT VENDOR CONTACT to request copies of any audit reports or compliance documentation.
    • NO TRUST CENTER: FlexClip lacks a dedicated security or trust center page with published certifications, audit reports, or compliance documentation. Only ad-hoc mentions of security practices in privacy policy.
    • BACKUP LIABILITY GAP: Company explicitly disclaims backup services and liability for data loss. Users are responsible for exporting/backing up their own projects. Archived after 180 days of inactivity.
    • VAGUE SECURITY CLAIMS: References 'internationally accepted standards' without specific frameworks (ISO 27002, NIST, etc.). No audit scope documented.
    • DATA RESIDENCY: Multi-region storage model without explicit geographic options or data localization guarantees. May not meet data residency requirements (e.g., GDPR strict localization mandates for certain orgs).
    • NO DATA PROCESSING AGREEMENT: No DPA or BAA mentioned. High-risk for regulated data (healthcare, PII).
    • COMPANY MATURITY: PearlMountain founded 2019; relatively young for enterprise trust. No public SOX or regulatory filings.

    // At a glance

    Pricing model

    Freemium (free tier with watermark, paid plans per month/year)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on PearlMountain Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    flexclip.com

    > Browse all vendor trust reports