// Trust & Security Report

    GPTZero (acquired by Superhuman, Inc. in June 2026) logo

    GPTZero (acquired by Superhuman, Inc. in June 2026)

    AI content detection and writing verification platform with AI detection, hallucination detection, plagiarism checking, grammar checking, and writing replay features for education, hiring, publishing, and legal sectors

    Certifications held

    5

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    We are very proud to share that we are SOC 2 Type II compliant.

    Verify on gptzero.me
    GDPR
    HELD

    We have designed our systems to be in compliance with the General Data Protection Regulation (GDPR).

    Verify on gptzero.me
    CCPA
    HELD

    By being fully compliant with these standards we have further been able to allow full for users to access and delete their information at will.

    Verify on gptzero.me
    FERPA
    HELD

    We comply with the requirements of the Family Education Rights and Privacy Act ("FERPA") because we currently do NOT store student "educational records," and only receive the minimally required information from teachers (e.g. document uploads) needed to perform services.

    Verify on gptzero.me
    COPPA
    HELD

    Under the Children's Online Privacy Protection Act ("COPPA"), consistent with the position of the Federal Trade Commission (FTC), we rely on our education institution customers to obtain the necessary parental consents prior to collecting only the minimally required personal information from students under age 13.

    Verify on gptzero.me
    > Show 5 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence found on vendor domain; third-party sources (Nudge Security) claim this cert but vendor's official privacy-and-security page does not list it

    source: gptzero.me
    HIPAA
    NOT CONFIRMED

    GPTZero Terms of Use explicitly states: 'The Site is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.)' and 'if your interactions would be subjected to such laws, you may not use this Site.'

    source: gptzero.me
    PCI DSS
    NOT CONFIRMED

    No public evidence found on vendor domain; not mentioned in official privacy-and-security page or other compliance documentation

    source: gptzero.me
    FedRAMP
    NOT CONFIRMED

    No public evidence found on vendor domain; not mentioned in official privacy-and-security page

    source: gptzero.me
    CSA STAR
    NOT CONFIRMED

    No public evidence found on vendor domain; third-party sources claim CSA STAR Level 1 but vendor does not list this on official pages

    source: gptzero.me

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not specified - GDPR compliant but no explicit data residency requirements stated; no information on which regions data is stored

    Text and file contents submitted by API subscribers are not stored by default nor used for product improvement. Subscribers may voluntarily opt-in to storage solely for the purpose of viewing within the application. Dashboard submissions (gptzero.me or app.gptzero.me) are stored and used in aggregate for product improvement. No automatic training on customer data.

    // Security controls

    Encryption

    Sensitive information is appropriately labeled, encrypted, and only retained as long as needed

    gptzero.me

    Vulnerability Management

    Regular vulnerability scans and penetration testing performed; Responsible Disclosure Policy in place for security researchers

    gptzero.me

    Access Controls

    Multi-factor authentication (MFA) enforced across all systems; strong access controls implemented

    gptzero.me

    Vendor Management

    Vendors held to strict data protection standards; automated compliance monitoring via Drata

    gptzero.me

    Employee Training

    Annual company-wide security training for all employees

    gptzero.me

    Secure Development

    Secure Software Development Life Cycle (SDLC) ensures security is embedded from start of development

    gptzero.me

    Data Retention

    Personal information retained no longer than 3 months past account termination; API data not stored by default

    gptzero.me

    Accessibility

    Completed VPAT (Voluntary Product Accessibility Template) assessment; follows WCAG and Section 508 standards

    gptzero.me

    // Products & data scope

    AI DetectorAI Content Detection

    data: Text and document analysis; can detect AI from ChatGPT, GPT-4, Gemini, Claude, Llama, Deepseek and other LLMs

    Core product; detects AI-generated content with 99% accuracy; supports multiple languages (English, German, Portuguese, French, Spanish)

    Advanced ScanAI Content Detection

    data: Enhanced detection with detailed sentence-level analysis and color-coded highlights

    Premium feature; best-in-class accuracy; de-biased for ESL (English Second Language) learners

    Writing ReplayWriting Verification

    data: Video proof of writing process; captures copy-pastes and unnatural typing patterns

    Helps verify authentic human authorship; works in Google Docs

    Hallucination DetectorAI Content Quality

    data: Identifies false or inaccurate claims in AI-generated content

    Detects factual errors and hallucinations in AI outputs

    Plagiarism CheckerPlagiarism Detection

    data: Checks if content was copied from outside sources without attribution

    Available as standalone product and integrated feature

    Grammar CheckerWriting Quality

    data: Identifies and suggests corrections for grammar errors

    Free online grammar checking tool

    AI Reviewer / TutorWriting Feedback

    data: AI-powered feedback on writing quality with custom suggestions

    Helps build responsible writing habits with personalized guidance

    Authorship VerificationAuthenticity Verification

    data: Verifies that content is genuinely written by the claimed author

    Used in legal, hiring, and publishing contexts

    AI VisionImage Analysis

    data: Analyzes images for AI-generated content

    Extends detection capabilities beyond text

    // What to watch

    • HIPAA OVER-CLAIM: Third-party security profiles (e.g., Nudge Security) claim HIPAA compliance, but GPTZero's own Terms of Use explicitly state 'not tailored to comply with HIPAA' and prohibit HIPAA-regulated users from using the service. This is a critical discrepancy.
    • ISO 27001 NOT CONFIRMED: While some third-party sources claim ISO 27001 certification, it is not mentioned on GPTZero's official privacy-and-security page. Vendor claims SOC 2 Type II instead.
    • ACQUIRED JUNE 2026: GPTZero was acquired by Superhuman in June 2026; future compliance posture may change under new ownership. Current assessment reflects pre-acquisition compliance claims.
    • NO DATA RESIDENCY SPECS: While GDPR compliant, vendor does not specify which geographic regions store customer data or offer EU/US data residency options.
    • EXPLICITLY NOT HIPAA-SUITABLE: Per ToU, any organization subject to HIPAA must not use GPTZero. Clear prohibition in terms should be highlighted to healthcare/regulated entities.

    // At a glance

    Pricing model

    Freemium with paid tiers: Premium (€9.99/month, 300K words/month) and Professional (€19.99/month, 500K words/month), billed annually; Enterprise grade security available

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on GPTZero (acquired by Superhuman, Inc. in June 2026)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    gptzero.me

    > Browse all vendor trust reports