// Trust & Security Report
Hypotenuse AI (Hypotenuse Technologies Pte. Ltd.)
AI-first PXM (Product Experience Management) platform for ecommerce: product description generation, AI data enrichment/attribute mapping, image enhancement, and SEO/AEO monitoring, plus free online content tools and an API.
Certifications held
4
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.hypotenuse.ai“Penetration testing performed within the last 12 months”
Verify on trust.hypotenuse.ai“No ISO 27001 listing found on the trust center; only SOC 2 Type 2 is shown under the compliance overview.”
Verify on hypotenuse.ai“If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR.”
> Show 1 unconfirmed / not-held certifications
source: trust.hypotenuse.aiNot listed on the trust center compliance overview (SOC 2 Type 2 only); no HIPAA claim found on vendor pages.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not stated
Data region
United States (privacy policy discloses transfer to and maintenance on computers in the United States). Corporate entity is Singapore-based (Hypotenuse Technologies Pte. Ltd.).
Terms of service state customers retain rights to submitted/generated content, and that Hypotenuse may collect usage data to improve the Services 'solely in aggregate or other de-identified form' - i.e. no training of models on identifiable customer content by default. Vendor messaging states data is 'never shared with third parties or used to train public AI models.' Note: the public privacy policy itself does not explicitly address model training, so the binding commitment lives in the ToS / enterprise contract; underlying third-party LLM subprocessors are not named.
// Security controls
MFA
MFA required for administrative access, applications, critical services, and infrastructure access
trust.hypotenuse.aiVPN / network controls
VPN used; Firewall restricts public access to infrastructure; Network infrastructure monitored
trust.hypotenuse.aiVulnerability management
Vulnerabilities scanned; Automated security scanning performed on infrastructure; Automated software patch management performed; Vulnerability management policy established
trust.hypotenuse.aiBackups / disaster recovery
Automated backups enabled; Disaster recovery plans tested; BCDR policy established
trust.hypotenuse.aiAccess control
Granular/role-based access control; Production deployment access restricted; Employee access regularly reviewed
trust.hypotenuse.aiIncident response
Incident response policy established; Audit logs collected and managed
trust.hypotenuse.aiBug bounty
No public bug-bounty program found (no HackerOne or Bugcrowd listing); security handled via internal program + annual third-party penetration testing.
trust.hypotenuse.ai// Products & data scope
data: Customer product catalogs, attributes, images, brand guidelines, and commerce-platform integrations. Covered by SOC 2 Type 2 controls, encryption, RBAC, and team workflows. Marketed as 'Built for enterprises' / 'SOC 2 compliant'.
Primary paid product. Integrates with ecommerce stores and marketplaces; supports bulk generation, enrichment, and publishing.
data: Ad-hoc text/image inputs from free/self-serve users; lighter-weight, governed by the same public privacy policy and ToS.
Top-of-funnel free tools (e.g. category description generator, meta title/description generators) listed in site footer.
data: Programmatic submission of catalog/content data; same data-handling and de-identified-improvement terms apply.
API offering referenced in third-party API directories; intended for integration into customer pipelines.
// What to watch
- SOC 2 Type 2 and annual penetration testing confirmed directly on the vendor's own trust center (trust.hypotenuse.ai).
- No ISO 27001 or HIPAA - normal for a focused ecommerce-AI scaleup; recorded as unknown/false, not invented.
- No public bug-bounty program (HackerOne/Bugcrowd) found.
- Training posture: ToS commits to using data only in aggregate/de-identified form to improve the service; the public privacy policy does not restate this, so the strongest no-training commitment lives in the ToS/enterprise contract rather than the privacy policy.
- Underlying third-party LLM subprocessors are not named publicly.
- DPA availability not confirmed on public pages (likely offered to enterprise customers but unverified) - marked unknown.
// At a glance
Pricing model
Subscription SaaS (self-serve free tier + paid tiers) with sales-led Enterprise plans (book demo); usage scales with catalog/content volume.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Hypotenuse AI (Hypotenuse Technologies Pte. Ltd.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.hypotenuse.ai