// Trust & Security Report

    Hugging Face, Inc. logo

    Hugging Face, Inc.

    AI Model Hub and Inference Platform. Core products: Hub (model/dataset repository), Inference Endpoints (serverless deployment), Inference Providers (45k+ models via unified API), Spaces (app hosting), HuggingChat (consumer AI assistant), Storage Buckets (data storage). Enterprise tiers include SSO, SCIM, audit logs, data residency controls.

    Certifications held

    2

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    The Hugging Face Hub, Inference Endpoints, and Inference Providers are all SOC 2 Type II certified. [We] provide security certification to our customers and actively monitor and patch any security weaknesses.

    Verify on huggingface.co
    GDPR Compliance
    HELD

    Hugging Face is GDPR compliant. Hugging Face can offer...GDPR data processing agreements through an Enterprise Plan.

    Verify on huggingface.co
    > Show 8 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    Hugging Face does not currently publish an ISO/IEC 27001 certification. However, most enterprise customers accept the SOC 2 Type II report as equivalent assurance, since the two standards have substantial control overlap.

    source: huggingface.co
    HIPAA (BAA)
    NOT CONFIRMED

    Hugging Face can also offer Business Associate Addendums...through an Enterprise Plan. [No full HIPAA compliance certification; only BAA agreements for eligible enterprise customers.]

    source: huggingface.co
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification on vendor domain.

    source: huggingface.co
    ISO 27017 (Cloud Privacy)
    NOT CONFIRMED

    No public evidence on vendor domain.

    source: huggingface.co
    ISO 27018 (Personally Identifiable Information in Cloud)
    NOT CONFIRMED

    No public evidence on vendor domain.

    source: huggingface.co
    FedRAMP
    NOT CONFIRMED

    No public evidence on vendor domain.

    source: huggingface.co
    CSA STAR
    NOT CONFIRMED

    No public evidence on vendor domain.

    source: huggingface.co
    ISO/IEC 42001 (AI Management)
    NOT CONFIRMED

    No public evidence on vendor domain.

    source: huggingface.co

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    US (default), EU, Asia-Pacific (coming soon). Data residency controls available on Team+ plans. For EU compliance, EU region ensures GDPR-compliant storage in EU data centers.

    Hugging Face does not use customer data, models, or datasets for training their own AI systems. HuggingChat conversations are explicitly private and not used for model training. Feedback usage is reserved but only for aggregated/anonymized insights. Private repositories are protected with reasonable measures.

    // Security controls

    Encryption in Transit

    TLS/SSL encryption on all data transfers (Inference Endpoints, Serverless Inference API, Inference Provider routing)

    huggingface.co

    Encryption at Rest

    At-rest encryption on managed storage (Enterprise feature)

    huggingface.co

    Authentication & Access Control

    User access tokens, Two-Factor Authentication (2FA), Resource Groups with fine-grained RBAC, SSO (SAML 2.0 / OIDC) on Enterprise

    huggingface.co

    Single Sign-On (SSO)

    SAML 2.0 and OpenID Connect (OIDC) supported on Enterprise; supports Okta, Azure AD, OneLign, etc.

    huggingface.co

    Audit Logging

    Comprehensive audit logs on Team+ plans; logs retained for compliance review

    huggingface.co

    Code & Malware Scanning

    Malware scanning and Pickle scanning on model repositories; third-party scanners (Protect AI, JFrog) integrated

    huggingface.co

    Secrets Scanning

    Automated detection and scanning for hardcoded secrets in repositories

    huggingface.co

    Git over SSH & GPG Commit Signing

    Secure Git operations and commit authentication options

    huggingface.co

    Private Network Connectivity

    AWS PrivateLink and Azure PrivateLink support for Inference Endpoints (Enterprise feature)

    huggingface.co

    Data Residency

    Region selection (US, EU, APAC coming) with performance and compliance benefits; 4-5x faster EU transfers when stored in EU

    huggingface.co

    Token Management & Revocation

    Fine-grained tokens with per-resource permissions; token revocation API on Enterprise

    huggingface.co

    // Products & data scope

    Hugging Face HubModel Repository & Collaboration Platform

    data: Public and private models, datasets, Spaces applications, storage buckets

    Core platform with 2M+ models and 500k+ datasets. SOC 2 Type II certified. Free tier available with basic security; Team and Enterprise tiers add audit logs, SSO, SCIM, data residency.

    Inference EndpointsServerless Model Deployment

    data: Model inputs/outputs, inference logs retained for up to 30 days (no customer data stored)

    SOC 2 Type II certified. TLS/SSL encryption in transit. Private network (PrivateLink) support on Enterprise. Logs do not store request/response bodies or user tokens.

    Inference ProvidersUnified Model API Gateway

    data: Routing to 45,000+ models via single API; no data retention for inference calls

    SOC 2 Type II certified. TLS/SSL encryption in transit. Vendors include leading AI providers. No storage of customer inference data.

    SpacesApplication Hosting (ML Apps & Demos)

    data: App code and runtime; stored in selected region (Team+ feature)

    Supports both CPU and GPU compute. Data residency available on Team+. Some advanced features (ZeroGPU) may not be available in all regions.

    HuggingChatConsumer AI Assistant

    data: Conversation history (stored for user's access only, not for training)

    Privacy-first: conversations not used for model training or research. No model author visibility into user conversations. Authenticated via HF account.

    Storage BucketsData Storage Service

    data: User-managed file storage with regional options

    Data residency controls available on Team+ (US, EU, APAC coming). At-rest encryption on managed storage.

    // What to watch

    • ISO 27001 certification NOT held. Hugging Face positions SOC 2 Type II as equivalent for enterprise audits due to substantial control overlap. Organizations requiring ISO 27001 must assess SOC 2 Type II acceptability.
    • HIPAA only available as Business Associate Agreement (BAA) on Enterprise plan. This is NOT full HIPAA compliance certification—only a contract vehicle for HIPAA-regulated customers. Full compliance responsibility remains with the customer organization.
    • No evidence of PCI DSS, FedRAMP, CSA STAR, ISO 27017/27018/27701, or ISO 42001 (AI governance) certifications. Vendors requiring these must contact Hugging Face directly.
    • Data residency features (EU/APAC regions) require Team or Enterprise plan. Free users store data in US by default.
    • GDPR DPA and HIPAA BAA agreements only available on Enterprise plan ($50+/user/month). Team plan does not include these compliance addendums.
    • SOC 2 Type II audit report is available 'under NDA from your account team'—not publicly available. Third-party verification limited.
    • Feedback and aggregated usage data is reserved for Hugging Face use (learning/improvement), though it is anonymized. Privacy-conscious organizations should review terms carefully.

    // At a glance

    Pricing model

    Freemium with tiered subscription. Free (basic public repos), Team ($20/user/month), Enterprise ($50+/user/month custom), Enterprise Plus (custom). Compute/storage available on PAYG model.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Hugging Face, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    huggingface.co

    > Browse all vendor trust reports