// Trust & Security Report
Gencraft
AI art and video generation platform enabling users to create, edit, and generate images and videos through AI models; includes custom model training for Pro users.
Certifications held
0
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 7 unconfirmed / not-held certifications
source: security-profiles.nudgesecurity.comNo vendor-domain evidence found. Nudge Security profile claims SOC 2 compliance, but searches on gencraft.com domain return no results for SOC 2 documentation, trust center, or certification pages. Cannot verify on vendor's own website.
source: security-profiles.nudgesecurity.comNo vendor-domain evidence found. Nudge Security profile lists ISO 27001, but site:gencraft.com searches return no certification pages or documentation. Unverified third-party claim.
source: gencraft.comGDPR posture unclear. Privacy policy references data transfers to US and acknowledges EEA users (16+ age requirement for EEA). Common Sense Media evaluation (Sept 2024) found 'Personal information is sold or rented to third parties.' No explicit GDPR compliance statement or DPA on vendor domain.
No evidence of HIPAA compliance. Not applicable to consumer AI art generation service. No healthcare data handling mentioned in privacy policy.
source: security-profiles.nudgesecurity.comNo vendor-domain evidence. Nudge Security profile mentions PCI compliance, but unverified. No payment card processing documentation found on gencraft.com.
source: security-profiles.nudgesecurity.comNo evidence of FedRAMP certification. Unverified claim in third-party profile. Not typical for consumer AI services.
source: security-profiles.nudgesecurity.comNo vendor-domain evidence. Nudge Security profile claims CSA Star Level 1, but no documentation found on gencraft.com. Unverified claim.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
United States (all data transfers to US acknowledged in privacy policy)
CRITICAL: Common Sense Media evaluation (Sept 2024) found 'Personal information is sold or rented to third parties' and that 'user information is leveraged to track and target advertisements on other third-party websites.' Custom models can be trained by Pro users (vendor homepage states users upload up to 500 images), but policy on whether customer-generated images are used to improve foundation models is unclear. Base models trained on 'large datasets of labeled art.' No explicit opt-out mechanism documented for model training.
// Security controls
Authentication Methods
SSO via Okta, Google and Microsoft login integration supported. Two-factor authentication options available (though specific methods like SMS, email, hardware, software, TOTP, U2F listed as unsupported in Nudge profile).
security-profiles.nudgesecurity.comData Encryption
'Reasonable and appropriate steps' taken to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. No specific encryption standards (TLS, AES) documented on vendor domain.
Cloud Infrastructure
Uses Amazon Web Services (AWS), Google Workspace, Google Analytics, Google Tag Manager as third-party services.
security-profiles.nudgesecurity.comBreach History
No public breach history found in search results (July 2026).
// Products & data scope
data: Images retained for 30 days before deletion
Free tier available to all users. Generated images licensed under Creative Commons for non-commercial use only.
data: Paid tier with additional generation limits and features
Pro users can access custom model training feature
data: Users upload up to 500 images for training (per vendor homepage); model training takes ~30 minutes
Pro users only. Additional fee per fine-tuned model. Policy on whether uploaded training images are subsequently used to improve foundation models is not explicit.
data: Generate and edit videos using AI
Part of platform offering
// What to watch
- OVER-CLAIM: Nudge Security profile lists SOC 2, ISO 27001, GDPR, HIPAA, PCI, FedRamp, and CSA STAR Level 1 compliance, but NONE of these are documented on Gencraft's own website. No trust center page found. These claims are unverified.
- IDENTITY-CONFLATION RISK: None detected. Vendor identity confirmed as gencraft.com (Seattle-based; AI product launched in 2023, designed by an ex-Hive.ai product designer). Some company databases (e.g. Tracxn) list a 2012 incorporation date, but the Gencraft AI art/video product itself is a 2023 launch; it should not be characterized as a 14-year-old platform.
- DATA PRIVACY CONCERN: Common Sense Media evaluation (Sept 2024) flagged that 'Personal information is sold or rented to third parties' and user data is 'leveraged to track and target advertisements on other third-party websites.' This is a significant privacy risk not clearly disclosed on vendor domain.
- UNRESOLVED: Whether user-generated custom model training images are subsequently used to improve foundation models. Policy is not explicitly documented.
- EARLY-STAGE/BOOTSTRAPPED: Gencraft appears unfunded/bootstrapped and its AI product launched in 2023, making it an early-stage startup. Limited resources for formal certification programs are expected at this stage; absence of certs is not on its own a negative signal and should not be read as a compliance failure.
- THIRD-PARTY DATA RISK: Relies on Google Analytics/Firebase and Google services for operations. Customer data passed to third parties for analytics and advertising purposes.
- NO SOC 2/ISO 27001 EVIDENCE: Despite claims in Nudge Security profile, no vendor-domain documentation exists for these certifications. Suggests either Nudge profile is inaccurate or certifications are not publicly available.
// At a glance
Pricing model
Freemium (free tier + Pro paid tier with additional features and custom model training)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Gencraft's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
gencraft.com