// Trust & Security Report

    Hypotenuse AI (Hypotenuse Technologies Pte. Ltd.) logo

    Hypotenuse AI (Hypotenuse Technologies Pte. Ltd.)

    AI-first PXM (Product Experience Management) platform for ecommerce: product description generation, AI data enrichment/attribute mapping, image enhancement, and SEO/AEO monitoring, plus free online content tools and an API.

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    SOC 2 Type 2 Compliant

    Verify on trust.hypotenuse.ai
    Penetration testing (annual)
    HELD

    Penetration testing performed within the last 12 months

    Verify on trust.hypotenuse.ai
    ISO 27001
    HELD

    No ISO 27001 listing found on the trust center; only SOC 2 Type 2 is shown under the compliance overview.

    Verify on trust.hypotenuse.ai
    GDPR
    HELD

    If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR.

    Verify on hypotenuse.ai
    > Show 1 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    Not listed on the trust center compliance overview (SOC 2 Type 2 only); no HIPAA claim found on vendor pages.

    source: trust.hypotenuse.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not stated

    Data region

    United States (privacy policy discloses transfer to and maintenance on computers in the United States). Corporate entity is Singapore-based (Hypotenuse Technologies Pte. Ltd.).

    Terms of service state customers retain rights to submitted/generated content, and that Hypotenuse may collect usage data to improve the Services 'solely in aggregate or other de-identified form' - i.e. no training of models on identifiable customer content by default. Vendor messaging states data is 'never shared with third parties or used to train public AI models.' Note: the public privacy policy itself does not explicitly address model training, so the binding commitment lives in the ToS / enterprise contract; underlying third-party LLM subprocessors are not named.

    // Security controls

    Encryption at rest

    Data encrypted at rest

    trust.hypotenuse.ai

    Encryption in transit

    Data encrypted in-transit

    trust.hypotenuse.ai

    MFA

    MFA required for administrative access, applications, critical services, and infrastructure access

    trust.hypotenuse.ai

    Web Application Firewall

    Web Application Firewall (WAF) used

    trust.hypotenuse.ai

    VPN / network controls

    VPN used; Firewall restricts public access to infrastructure; Network infrastructure monitored

    trust.hypotenuse.ai

    Vulnerability management

    Vulnerabilities scanned; Automated security scanning performed on infrastructure; Automated software patch management performed; Vulnerability management policy established

    trust.hypotenuse.ai

    Backups / disaster recovery

    Automated backups enabled; Disaster recovery plans tested; BCDR policy established

    trust.hypotenuse.ai

    Access control

    Granular/role-based access control; Production deployment access restricted; Employee access regularly reviewed

    trust.hypotenuse.ai

    Incident response

    Incident response policy established; Audit logs collected and managed

    trust.hypotenuse.ai

    Bug bounty

    No public bug-bounty program found (no HackerOne or Bugcrowd listing); security handled via internal program + annual third-party penetration testing.

    trust.hypotenuse.ai

    // Products & data scope

    Hypotenuse AI PXM platform (Team/Enterprise)Ecommerce product content + data enrichment + image editing + SEO monitoring

    data: Customer product catalogs, attributes, images, brand guidelines, and commerce-platform integrations. Covered by SOC 2 Type 2 controls, encryption, RBAC, and team workflows. Marketed as 'Built for enterprises' / 'SOC 2 compliant'.

    Primary paid product. Integrates with ecommerce stores and marketplaces; supports bulk generation, enrichment, and publishing.

    Free online content toolsSingle-purpose generators (product/category/meta description, image description, image editor)

    data: Ad-hoc text/image inputs from free/self-serve users; lighter-weight, governed by the same public privacy policy and ToS.

    Top-of-funnel free tools (e.g. category description generator, meta title/description generators) listed in site footer.

    Hypotenuse AI APIProgrammatic content generation / enrichment

    data: Programmatic submission of catalog/content data; same data-handling and de-identified-improvement terms apply.

    API offering referenced in third-party API directories; intended for integration into customer pipelines.

    // What to watch

    • SOC 2 Type 2 and annual penetration testing confirmed directly on the vendor's own trust center (trust.hypotenuse.ai).
    • No ISO 27001 or HIPAA - normal for a focused ecommerce-AI scaleup; recorded as unknown/false, not invented.
    • No public bug-bounty program (HackerOne/Bugcrowd) found.
    • Training posture: ToS commits to using data only in aggregate/de-identified form to improve the service; the public privacy policy does not restate this, so the strongest no-training commitment lives in the ToS/enterprise contract rather than the privacy policy.
    • Underlying third-party LLM subprocessors are not named publicly.
    • DPA availability not confirmed on public pages (likely offered to enterprise customers but unverified) - marked unknown.

    // At a glance

    Pricing model

    Subscription SaaS (self-serve free tier + paid tiers) with sales-led Enterprise plans (book demo); usage scales with catalog/content volume.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Hypotenuse AI (Hypotenuse Technologies Pte. Ltd.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.hypotenuse.ai

    > Browse all vendor trust reports