// Trust & Security Report

    OmniSale GMBH logo

    OmniSale GMBH

    AI audio processing suite: vocal remover, stem splitter, voice cleaner, voice changer, voice cloner, echo/reverb remover. Six neural network generations (Andromeda is current, 6th-gen). Enterprise API available.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    Privacy policy explicitly complies with GDPR Article 6 processing bases (consent, contract, legal obligation, legitimate interest). All GDPR data subject rights documented: access, rectification, erasure, restriction, portability, objection, consent withdrawal. Double opt-in for newsletter. Routine data deletion per legal requirements.

    Verify on lalal.ai
    > Show 9 unconfirmed / not-held certifications
    SOC 2 (Type 1 or 2)
    NOT CONFIRMED

    Nudge Security claims Lalal.ai is SOC 2 compliant, but no trust center, audit report, or reference to SOC 2 appears on Lalal.ai's own domain (lalal.ai). Search of About, Privacy Policy, Terms, and FAQ pages yields zero evidence. Likely data conflation with AWS infrastructure or outdated auto-population in third-party security profile.

    source: lalal.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence on Lalal.ai's domain. Nudge Security lists as compliant, but vendor's own website contains no mention, trust center, or audit report. Confirmed via site:lalal.ai search.

    source: lalal.ai
    HIPAA
    NOT CONFIRMED

    No public evidence on Lalal.ai domain. Nudge Security lists as HIPAA compliant, but vendor provides no trust center, BAA template, or compliance statement. Audio processing tool has no stated HIPAA scope.

    source: lalal.ai
    ISO 27017 (cloud security)
    NOT CONFIRMED

    No public evidence on vendor domain.

    source: lalal.ai
    ISO 27018 (cloud PII protection)
    NOT CONFIRMED

    No public evidence on vendor domain.

    source: lalal.ai
    PCI DSS
    NOT CONFIRMED

    Nudge Security lists as PCI compliant, but vendor website has no trust center or compliance documentation. Unclear if vendor directly processes payment cards or delegates to payment processor. No evidence of PCI scope on Lalal.ai's domain.

    source: lalal.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence on Lalal.ai domain. Nudge Security claims compliance, but vendor is Switzerland-based with no stated FedRAMP scope or documentation.

    source: lalal.ai
    CSA STAR Level 1
    NOT CONFIRMED

    Nudge Security lists CSA STAR Level 1, but vendor website has no mention or documentation. CSA STAR certification requires public attestation on vendor domain.

    source: lalal.ai
    Data Processing Agreement (DPA)
    NOT CONFIRMED

    Privacy policy makes no mention of DPA availability. Terms of Service and Privacy Policy reviewed; no DPA template or reference found.

    source: lalal.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Unknown; privacy policy does not specify geographic data residency. Infrastructure operates on AWS, but no region commitment documented.

    Vendor explicitly states in Privacy Policy: 'does not use user files for artificial intelligence training or other content.' For voice cloning specifically: recordings are not used for further training of LALAL.AI's voice cloning technology or development of other AI products. Data retained only as long as necessary to provide service.

    // Security controls

    Data non-usage for training

    Confirmed: Uploaded audio/video files not used for AI model training or shared with third parties.

    lalal.ai

    DMCA compliance

    Vendor voluntarily complies with Digital Millennium Copyright Act. DMCA notice agent: notice@incorporatenow.com

    lalal.ai

    Technical & organizational security measures

    Referenced in privacy policy (pseudonymization, organizational controls) but no detailed security architecture or incident response policy documented.

    lalal.ai

    Infrastructure

    AWS-based (per Nudge Security). Third-party services: Mailgun (email), KeyCDN (CDN), Google Workspace. No security audit or third-party assessment published.

    security-profiles.nudgesecurity.com

    Data retention policy

    Data stored only as long as necessary; routine deletion per legal requirements. No specific retention schedule published.

    lalal.ai

    SSL/HTTPS

    Valid SSL certificate for secure communication.

    nudgesecurity.com

    // Products & data scope

    Vocal Remover & Stem Splitter (web)Audio processing

    data: User-uploaded audio/video files; file metadata (name, upload date, duration)

    Core product. Supports MP3, OGG, WAV, FLAC, AIFF, AAC, M4A audio; AVI, MP4, MKV, MOV, M4V video. Batch processing available on Pro plan. Does not train on uploaded files.

    Voice CleanerAudio processing

    data: Audio files for noise/echo/reverb removal

    Removes background noise, echo, reverb. Data not used for training.

    Voice ChangerVoice synthesis

    data: User voice input for pitch/accent adjustment

    For podcasts, videos, creative use. No training on user data.

    Voice ClonerVoice synthesis

    data: Reference voice recordings for model training

    Clones voice for voiceovers, ad reads. Policy: reference recordings not used for further training of voice cloning model or other products. Retention only as long as needed to provide service.

    Echo & Reverb RemoverAudio processing

    data: Audio files with reverb/echo

    Improves voice clarity in roomy recordings.

    Lead/Backing Vocal SplitterAudio processing

    data: Audio files with vocal layers

    Separates lead vocals, backing vocals, instrumental. Four output tracks: Lead, Backing, Instrumental, Instrumental+Backing.

    API (Enterprise)Developer integration

    data: Programmatic audio processing via REST API

    Custom enterprise integrations for bulk audio processing. Secure by design (same privacy/security posture as web products).

    Desktop Apps (macOS, Windows)Local/hybrid processing

    data: Local audio files processed via app

    Download-based access to core vocal removal. VST plugin available on Pro plan for DAW integration.

    Mobile Apps (iOS, Android)Mobile audio processing

    data: Mobile audio uploads for cloud processing

    iOS and Android apps for on-the-go vocal removal. Cloud-based processing.

    // What to watch

    • OVER-CLAIM RISK: Nudge Security profile lists Lalal.ai as SOC 2, ISO 27001, HIPAA, FedRAMP, PCI DSS, and CSA STAR Level 1 compliant, but Lalal.ai's own website contains ZERO evidence of any of these certifications. No trust center page exists. This is either data conflation (certifications belonging to AWS infrastructure), outdated auto-population, or unverified third-party data. AIFOXX should NOT cite these certs without direct vendor proof.
    • NO TRUST CENTER: Unlike enterprise competitors (e.g., Descript, Eleven Labs), Lalal.ai does not maintain a public trust center, security page, or compliance documentation portal. This limits transparency for enterprise/regulated customers.
    • NO DPA: Privacy policy does not reference Data Processing Agreements (DPA). Critical for GDPR compliance with B2B customers. Vendor should be asked if they offer DPA template.
    • DATA RESIDENCY UNKNOWN: Privacy policy does not specify where data is stored or processed. AWS suspected but not confirmed. Relevant for GDPR/regional compliance.
    • NO HIPAA SCOPE: Despite Nudge Security claim, vendor makes no effort to market HIPAA compliance, has no BAA, and no evidence of covered entity/business associate structure. Audio processing tool is consumer/creative-focused, not healthcare.
    • IDENTITY VERIFIED: Legal entity confirmed as OmniSale GMBH, Switzerland (Grundstrasse 10, 6343 Risch-Rotkreuz). Domain control confirmed.
    • GROWTH-STAGE MATURITY: 6.79M registered users (2025), Webby Award winner, but lacks formal enterprise compliance certifications. Suitable for SMB/creator market, not regulated industries without further verification.
    • AI TRAINING POSTURE CLEAR: Vendor unambiguously states no training on user data. This is a strength and differentiator.

    // At a glance

    Pricing model

    Freemium SaaS with monthly/annual subscriptions. Starter (free): 10min, 200MB limit. Lite: EUR 6.75/mo (90min fast queue). Pro: EUR 13.5/mo (250min fast queue, API access, VST plugin, early feature access). Custom enterprise rates available.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on OmniSale GMBH's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    lalal.ai

    > Browse all vendor trust reports