// Trust & Security Report
Nine Thirty Five LLC (Fliki)
Fliki AI video generation + text-to-speech / voice cloning suite
Certifications held
2
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on fliki.ai“Voice samples are stored encrypted at rest (AES-256) on your private Fliki workspace, in compliance with GDPR and SOC 2 Type II controls. (page also indicates SOC 2 is 'coming soon')”
Verify on fliki.ai“We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors... These payment processors adhere to the standards set by PCI-DSS... Their Privacy Policy can be viewed at https://stripe.com/us/privacy”
> Show 2 unconfirmed / not-held certifications
source: fliki.aiNo ISO 27001 claim found on any Fliki page, privacy policy, or terms.
source: fliki.aiNo HIPAA claim found. A customer testimonial on the homepage references creating 'patient education videos', but Fliki itself makes no HIPAA, BAA, or healthcare-compliance claim and offers no such program.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not stated
Data region
United States (servers and central databases in the US). 'such information may be transferred, stored or processed in the United States where our servers or central databases are located.' No EU data residency option found.
Voice cloning is explicitly excluded from training: 'samples are never shared, never used to train Fliki's public TTS models, and never made available to other users' (fliki.ai/features/voice-cloning). However the Terms grant Fliki a broad content license: 'you grant Us the right and license to access, use, host, store, cache, modify, reproduce, transmit, display, publish, and distribute your Content to operate, improve, promote and provide the Services and to develop new services and products.' That 'improve... and develop new services and products' language is broad enough to cover model/product improvement on user content other than voice samples, and is not explicitly carved out. No standalone AI/data-use policy stating a blanket no-training default was found.
// Security controls
Encryption at rest (voice samples)
AES-256 at rest for voice clone samples on private workspace
fliki.aiGeneral security posture
Self-described: 'we employ appropriate firewalls, encryption technologies and intrusion detection systems to keep your information secure'. No specific encryption-in-transit standard named.
fliki.aiBreach notification
'We also have procedures in place to handle any suspected data breaches and will notify you and relevant regulatory authorities of any breach if we are legally required to do so.'
fliki.aiData retention (3rd-party API data)
YouTube and TikTok API data stored for max 30 calendar days then deleted/refreshed.
fliki.aiDedicated security page
Does not exist (fliki.ai/security returns no security/compliance content).
fliki.ai// Products & data scope
data: User scripts, uploaded media, account email/name, usage data. Public profile content may be displayed to other users. US data residency.
Free plan and individual paid plans. Paid plans grant full commercial rights and YouTube-licensed music.
data: Biometric voice sample and face/likeness recording. AES-256 at rest, private to workspace, explicitly not used to train public TTS models, user-deletable.
Strongest privacy posture of the product line; clearest no-training commitment. Handles sensitive biometric data (voice + face).
data: Same US data residency and policies as consumer; no distinct Teams DPA or compliance scope published.
Marketed to professionals and teams; the 'Fortune 500' reference comes from a customer testimonial, not a vendor capability claim. No enterprise trust documentation, DPA, or SSO/compliance details are public.
data: OAuth tokens and limited creator info; YouTube/TikTok data retained max 30 days; revocable by user. Adheres to Google API Limited Use and TikTok policies.
Scoped, time-limited retention; user can revoke access from the provider's settings.
// What to watch
- No trust center and no dedicated security page; security claims live only in the privacy policy and a feature marketing page.
- SOC 2 Type II is referenced as 'controls' the product is 'in compliance with' and is signaled as 'coming soon' on the voice-cloning page, but NO SOC 2 report, certification date, or auditor is provided. Treated as NOT held / aspirational marketing, not a verified certification.
- Conflicting AI-training signals: voice samples are explicitly never used to train public TTS models, but the Terms grant a broad content license to 'improve... and develop new services and products' with no general no-training carve-out.
- No DPA, no bug bounty, no penetration-testing disclosure found.
- Handles sensitive biometric data (voice clones, face/digital twin) yet has no enterprise compliance attestations.
- Customer testimonials on the homepage reference healthcare ('patient education videos') and enterprise ('Fortune 500' L&D) use, but Fliki makes no HIPAA/BAA or enterprise-compliance claims of its own and publishes no enterprise trust documentation; buyers should not infer healthcare or enterprise readiness from those testimonials.
// At a glance
Pricing model
Freemium SaaS subscription (free plan + monthly/yearly paid tiers, auto-renewing). No public enterprise pricing.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Nine Thirty Five LLC (Fliki)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
fliki.ai