// Trust & Security Report

    Genmo, Inc. logo

    Genmo, Inc.

    Mochi 1: open-source and commercial text-to-video generative model for video creation from text prompts. Available as open-source (Apache 2.0) and commercial playground.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 10 unconfirmed / not-held certifications
    SOC 2 Type I
    NOT CONFIRMED

    no public evidence

    source: genmo.ai
    SOC 2 Type II
    NOT CONFIRMED

    no public evidence

    source: genmo.ai
    ISO 27001
    NOT CONFIRMED

    no public evidence

    source: genmo.ai
    ISO 27017 (Cloud Security)
    NOT CONFIRMED

    no public evidence

    source: genmo.ai
    ISO 27018 (Cloud PII Protection)
    NOT CONFIRMED

    no public evidence

    source: genmo.ai
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    no public evidence

    source: genmo.ai
    GDPR Compliance
    NOT CONFIRMED

    Privacy policy references EU data protection authorities and provides data subject rights mechanisms, but no formal GDPR compliance certification or DPA mentioned.

    source: genmo.ai
    HIPAA
    NOT CONFIRMED

    no public evidence; not mentioned in privacy policy or terms of service

    source: genmo.ai
    PCI DSS
    NOT CONFIRMED

    no public evidence

    source: genmo.ai
    FedRAMP
    NOT CONFIRMED

    no public evidence

    source: genmo.ai

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not offered

    Data region

    unknown (not specified; third-party cloud services mentioned including Stability.ai, but storage location not disclosed)

    Privacy Policy explicitly states: 'We may use information you provide as well as generated images to improve the quality of Genmo's models.' No opt-out mechanism documented.

    // Security controls

    Encryption in Transit

    Not specified; company acknowledges 'no electronic transmission over the internet can be guaranteed to be 100% secure' but does not detail encryption standards or protocols

    genmo.ai

    Encryption at Rest

    Not mentioned

    genmo.ai

    Technical and Organizational Measures

    Privacy policy states implementation of 'appropriate and reasonable' measures, but no specifics on controls, audit, or monitoring

    genmo.ai

    Data Retention Policy

    Data kept only as long as necessary for stated purposes; deleted or isolated when no longer needed; retained while account is active

    genmo.ai

    Data Processing Transparency

    Privacy policy covers account creation, service improvement, usage analytics, and marketing effectiveness. Explicitly includes model training on customer inputs and generated images.

    genmo.ai

    Third-Party Processors

    Cloud computing services used; Stability.ai listed as third party. No full processor list or DPA references.

    genmo.ai

    // Products & data scope

    Mochi 1 (Open-Source)Text-to-Video Generation

    data: User-provided prompts, generated videos; used to train and improve models

    Apache 2.0 licensed; free to run locally or use via GitHub/HuggingFace; no data retention control for self-hosted usage; terms apply to web playground use

    Mochi 1 (Commercial Playground)Text-to-Video Generation (SaaS)

    data: Prompts, generated videos, usage analytics; data retained per privacy policy and used for model training unless account deleted

    Web-based SaaS; commercial use permitted with active subscription; data training applies; no explicit opt-out for AI training

    // What to watch

    • No security certifications found (SOC 2, ISO 27001, ISO 42001, etc.). Typical for growth-stage AI research labs but limits enterprise adoption.
    • AI training on customer data explicitly enabled with no documented opt-out; both inputs and generated images used to improve models. Organizations with sensitive use cases or IP concerns should verify terms carefully.
    • Data storage location/region not disclosed in public documentation; only references 'cloud computing services' and names Stability.ai as a third party without detailed processor agreements.
    • Encryption standards not documented; company acknowledges internet transmission cannot be 100% secure but does not detail TLS version, key rotation, or at-rest encryption.
    • Liability capped at $50 in ToS; company disclaims warranties on service accuracy, completeness, or security. Appropriate for research tool but limits recourse for enterprise users.
    • No Data Processing Agreement (DPA) or formal GDPR compliance certification available, though privacy policy does reference data subject rights and EU authorities. May require custom DPA negotiation for EU data subject processing.
    • Mandatory California jurisdiction and binding arbitration in ToS; 30-day opt-out window for arbitration clause.
    • Open-source Mochi 1 model allows local self-hosting (Apache 2.0) and can avoid data collection, but commercial playground enforces ToS and privacy policy with mandatory training usage.

    // At a glance

    Pricing model

    Freemium (open-source + commercial SaaS playground); subscription tiers for commercial use

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Genmo, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    genmo.ai

    > Browse all vendor trust reports