// Trust & Security Report

    Gencraft logo

    Gencraft

    AI art and video generation platform enabling users to create, edit, and generate images and videos through AI models; includes custom model training for Pro users.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 7 unconfirmed / not-held certifications
    SOC 2
    NOT CONFIRMED

    No vendor-domain evidence found. Nudge Security profile claims SOC 2 compliance, but searches on gencraft.com domain return no results for SOC 2 documentation, trust center, or certification pages. Cannot verify on vendor's own website.

    source: security-profiles.nudgesecurity.com
    ISO 27001
    NOT CONFIRMED

    No vendor-domain evidence found. Nudge Security profile lists ISO 27001, but site:gencraft.com searches return no certification pages or documentation. Unverified third-party claim.

    source: security-profiles.nudgesecurity.com
    GDPR Compliance
    NOT CONFIRMED

    GDPR posture unclear. Privacy policy references data transfers to US and acknowledges EEA users (16+ age requirement for EEA). Common Sense Media evaluation (Sept 2024) found 'Personal information is sold or rented to third parties.' No explicit GDPR compliance statement or DPA on vendor domain.

    source: gencraft.com
    HIPAA
    NOT CONFIRMED

    No evidence of HIPAA compliance. Not applicable to consumer AI art generation service. No healthcare data handling mentioned in privacy policy.

    PCI DSS
    NOT CONFIRMED

    No vendor-domain evidence. Nudge Security profile mentions PCI compliance, but unverified. No payment card processing documentation found on gencraft.com.

    source: security-profiles.nudgesecurity.com
    FedRAMP
    NOT CONFIRMED

    No evidence of FedRAMP certification. Unverified claim in third-party profile. Not typical for consumer AI services.

    source: security-profiles.nudgesecurity.com
    CSA STAR
    NOT CONFIRMED

    No vendor-domain evidence. Nudge Security profile claims CSA Star Level 1, but no documentation found on gencraft.com. Unverified claim.

    source: security-profiles.nudgesecurity.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United States (all data transfers to US acknowledged in privacy policy)

    CRITICAL: Common Sense Media evaluation (Sept 2024) found 'Personal information is sold or rented to third parties' and that 'user information is leveraged to track and target advertisements on other third-party websites.' Custom models can be trained by Pro users (vendor homepage states users upload up to 500 images), but policy on whether customer-generated images are used to improve foundation models is unclear. Base models trained on 'large datasets of labeled art.' No explicit opt-out mechanism documented for model training.

    // Security controls

    Authentication Methods

    SSO via Okta, Google and Microsoft login integration supported. Two-factor authentication options available (though specific methods like SMS, email, hardware, software, TOTP, U2F listed as unsupported in Nudge profile).

    security-profiles.nudgesecurity.com

    Data Encryption

    'Reasonable and appropriate steps' taken to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. No specific encryption standards (TLS, AES) documented on vendor domain.

    Cloud Infrastructure

    Uses Amazon Web Services (AWS), Google Workspace, Google Analytics, Google Tag Manager as third-party services.

    security-profiles.nudgesecurity.com

    Breach History

    No public breach history found in search results (July 2026).

    // Products & data scope

    Free Image GenerationAI Image Generator

    data: Images retained for 30 days before deletion

    Free tier available to all users. Generated images licensed under Creative Commons for non-commercial use only.

    Pro Image GenerationAI Image Generator

    data: Paid tier with additional generation limits and features

    Pro users can access custom model training feature

    Custom Model TrainingAI Model Fine-tuning

    data: Users upload up to 500 images for training (per vendor homepage); model training takes ~30 minutes

    Pro users only. Additional fee per fine-tuned model. Policy on whether uploaded training images are subsequently used to improve foundation models is not explicit.

    Video GenerationAI Video Generator

    data: Generate and edit videos using AI

    Part of platform offering

    // What to watch

    • OVER-CLAIM: Nudge Security profile lists SOC 2, ISO 27001, GDPR, HIPAA, PCI, FedRamp, and CSA STAR Level 1 compliance, but NONE of these are documented on Gencraft's own website. No trust center page found. These claims are unverified.
    • IDENTITY-CONFLATION RISK: None detected. Vendor identity confirmed as gencraft.com (Seattle-based; AI product launched in 2023, designed by an ex-Hive.ai product designer). Some company databases (e.g. Tracxn) list a 2012 incorporation date, but the Gencraft AI art/video product itself is a 2023 launch; it should not be characterized as a 14-year-old platform.
    • DATA PRIVACY CONCERN: Common Sense Media evaluation (Sept 2024) flagged that 'Personal information is sold or rented to third parties' and user data is 'leveraged to track and target advertisements on other third-party websites.' This is a significant privacy risk not clearly disclosed on vendor domain.
    • UNRESOLVED: Whether user-generated custom model training images are subsequently used to improve foundation models. Policy is not explicitly documented.
    • EARLY-STAGE/BOOTSTRAPPED: Gencraft appears unfunded/bootstrapped and its AI product launched in 2023, making it an early-stage startup. Limited resources for formal certification programs are expected at this stage; absence of certs is not on its own a negative signal and should not be read as a compliance failure.
    • THIRD-PARTY DATA RISK: Relies on Google Analytics/Firebase and Google services for operations. Customer data passed to third parties for analytics and advertising purposes.
    • NO SOC 2/ISO 27001 EVIDENCE: Despite claims in Nudge Security profile, no vendor-domain documentation exists for these certifications. Suggests either Nudge profile is inaccurate or certifications are not publicly available.

    // At a glance

    Pricing model

    Freemium (free tier + Pro paid tier with additional features and custom model training)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Gencraft's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    gencraft.com

    > Browse all vendor trust reports