// Trust & Security Report
Kombai, Inc.
AI design engineer for frontend development. Unified platform combining design canvas, code generation, and browser editing for React, Vue, Angular, and other frontend stacks. Generates production-ready UI code from design with built-in best practices for 400+ frontend libraries.
Certifications held
3
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on kombai.com“Kombai is SOC 2 certified. It never uses your data for training or model improvements.”
Verify on docs.kombai.com“SOC2 compliance & security evaluations available on Enterprise plan”
Verify on kombai.com“Company endeavors to safeguard information consistently with requirements of applicable laws including GDPR; EU residents may lodge complaints with supervisory authorities”
> Show 2 unconfirmed / not-held certifications
source: kombai.trust.siteNo public evidence found on vendor domain or trust center
source: kombai.comTerms state 'Protected health information prohibited unless Business Associate Agreement signed' but no BAA is offered or referenced
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not specified; subprocessors include AWS (multi-region)
Vendor explicitly states on Pro and Enterprise plans: 'No AI training on your data.' Privacy policy does not mention customer data used for model training; mentions data analytics for service improvement and anonymized aggregate data.
// Security controls
Anti-malware protection
Endpoint security validation and full device/container-based encryption
kombai.trust.siteIdentity validation
Identity validation processes and employment termination procedures
kombai.trust.siteData retention policy
Deletion or anonymization where possible; secure storage and isolation otherwise
kombai.comCode of conduct
Documented code of business conduct framework with defined roles and responsibilities (23+ organizational controls)
kombai.trust.siteIncident management
Documented procedures for incident detection, response, and reporting
kombai.trust.siteThird-party processors
PostHog (analytics), Stripe (payments), Sentry (error monitoring), PropelAuth (auth), AWS (infrastructure), Linear (ticketing)
kombai.trust.site// Products & data scope
data: Design canvas files, codebase context, rendered UI in browser. Customer data ownership retained.
Free plan (300 credits/month), Pro plan ($20–$1,000/month, SOC 2 + no AI training), Enterprise (custom pricing, SOC 2 + security evaluations). Supports React, Vue, Angular, Svelte, Solid, Preact, Vanilla JS, React Native, Flutter, Blazor, and 400+ frontend libraries.
// What to watch
- ISO 27001 not claimed or mentioned on trust center; vendor appears focused on SOC 2 only
- HIPAA not available (terms prohibit PHI unless BAA signed, but no BAA offering found)
- Trust center hosted on trust.site domain (third-party trust aggregator) rather than vendor's own subdomain, though this is common industry practice
- Acceptable Use Policy linked in footer but returns 404; policy file may not be publicly accessible or may be handled via terms of service
// At a glance
Pricing model
Free tier with usage credits (300/month), Pro subscription with flexible credits (2,000–110,000/month), Enterprise custom pricing
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Kombai, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
kombai.trust.site