// Trust & Security Report
OmniSale GMBH
AI audio processing suite: vocal remover, stem splitter, voice cleaner, voice changer, voice cloner, echo/reverb remover. Six neural network generations (Andromeda is current, 6th-gen). Enterprise API available.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on lalal.ai“Privacy policy explicitly complies with GDPR Article 6 processing bases (consent, contract, legal obligation, legitimate interest). All GDPR data subject rights documented: access, rectification, erasure, restriction, portability, objection, consent withdrawal. Double opt-in for newsletter. Routine data deletion per legal requirements.”
> Show 9 unconfirmed / not-held certifications
source: lalal.aiNudge Security claims Lalal.ai is SOC 2 compliant, but no trust center, audit report, or reference to SOC 2 appears on Lalal.ai's own domain (lalal.ai). Search of About, Privacy Policy, Terms, and FAQ pages yields zero evidence. Likely data conflation with AWS infrastructure or outdated auto-population in third-party security profile.
source: lalal.aiNo public evidence on Lalal.ai's domain. Nudge Security lists as compliant, but vendor's own website contains no mention, trust center, or audit report. Confirmed via site:lalal.ai search.
source: lalal.aiNo public evidence on Lalal.ai domain. Nudge Security lists as HIPAA compliant, but vendor provides no trust center, BAA template, or compliance statement. Audio processing tool has no stated HIPAA scope.
source: lalal.aiNudge Security lists as PCI compliant, but vendor website has no trust center or compliance documentation. Unclear if vendor directly processes payment cards or delegates to payment processor. No evidence of PCI scope on Lalal.ai's domain.
source: lalal.aiNo public evidence on Lalal.ai domain. Nudge Security claims compliance, but vendor is Switzerland-based with no stated FedRAMP scope or documentation.
source: lalal.aiNudge Security lists CSA STAR Level 1, but vendor website has no mention or documentation. CSA STAR certification requires public attestation on vendor domain.
source: lalal.aiPrivacy policy makes no mention of DPA availability. Terms of Service and Privacy Policy reviewed; no DPA template or reference found.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Unknown; privacy policy does not specify geographic data residency. Infrastructure operates on AWS, but no region commitment documented.
Vendor explicitly states in Privacy Policy: 'does not use user files for artificial intelligence training or other content.' For voice cloning specifically: recordings are not used for further training of LALAL.AI's voice cloning technology or development of other AI products. Data retained only as long as necessary to provide service.
// Security controls
Data non-usage for training
Confirmed: Uploaded audio/video files not used for AI model training or shared with third parties.
lalal.aiDMCA compliance
Vendor voluntarily complies with Digital Millennium Copyright Act. DMCA notice agent: notice@incorporatenow.com
lalal.aiTechnical & organizational security measures
Referenced in privacy policy (pseudonymization, organizational controls) but no detailed security architecture or incident response policy documented.
lalal.aiInfrastructure
AWS-based (per Nudge Security). Third-party services: Mailgun (email), KeyCDN (CDN), Google Workspace. No security audit or third-party assessment published.
security-profiles.nudgesecurity.comData retention policy
Data stored only as long as necessary; routine deletion per legal requirements. No specific retention schedule published.
lalal.ai// Products & data scope
data: User-uploaded audio/video files; file metadata (name, upload date, duration)
Core product. Supports MP3, OGG, WAV, FLAC, AIFF, AAC, M4A audio; AVI, MP4, MKV, MOV, M4V video. Batch processing available on Pro plan. Does not train on uploaded files.
data: Audio files for noise/echo/reverb removal
Removes background noise, echo, reverb. Data not used for training.
data: User voice input for pitch/accent adjustment
For podcasts, videos, creative use. No training on user data.
data: Reference voice recordings for model training
Clones voice for voiceovers, ad reads. Policy: reference recordings not used for further training of voice cloning model or other products. Retention only as long as needed to provide service.
data: Audio files with reverb/echo
Improves voice clarity in roomy recordings.
data: Audio files with vocal layers
Separates lead vocals, backing vocals, instrumental. Four output tracks: Lead, Backing, Instrumental, Instrumental+Backing.
data: Programmatic audio processing via REST API
Custom enterprise integrations for bulk audio processing. Secure by design (same privacy/security posture as web products).
data: Local audio files processed via app
Download-based access to core vocal removal. VST plugin available on Pro plan for DAW integration.
data: Mobile audio uploads for cloud processing
iOS and Android apps for on-the-go vocal removal. Cloud-based processing.
// What to watch
- OVER-CLAIM RISK: Nudge Security profile lists Lalal.ai as SOC 2, ISO 27001, HIPAA, FedRAMP, PCI DSS, and CSA STAR Level 1 compliant, but Lalal.ai's own website contains ZERO evidence of any of these certifications. No trust center page exists. This is either data conflation (certifications belonging to AWS infrastructure), outdated auto-population, or unverified third-party data. AIFOXX should NOT cite these certs without direct vendor proof.
- NO TRUST CENTER: Unlike enterprise competitors (e.g., Descript, Eleven Labs), Lalal.ai does not maintain a public trust center, security page, or compliance documentation portal. This limits transparency for enterprise/regulated customers.
- NO DPA: Privacy policy does not reference Data Processing Agreements (DPA). Critical for GDPR compliance with B2B customers. Vendor should be asked if they offer DPA template.
- DATA RESIDENCY UNKNOWN: Privacy policy does not specify where data is stored or processed. AWS suspected but not confirmed. Relevant for GDPR/regional compliance.
- NO HIPAA SCOPE: Despite Nudge Security claim, vendor makes no effort to market HIPAA compliance, has no BAA, and no evidence of covered entity/business associate structure. Audio processing tool is consumer/creative-focused, not healthcare.
- IDENTITY VERIFIED: Legal entity confirmed as OmniSale GMBH, Switzerland (Grundstrasse 10, 6343 Risch-Rotkreuz). Domain control confirmed.
- GROWTH-STAGE MATURITY: 6.79M registered users (2025), Webby Award winner, but lacks formal enterprise compliance certifications. Suitable for SMB/creator market, not regulated industries without further verification.
- AI TRAINING POSTURE CLEAR: Vendor unambiguously states no training on user data. This is a strength and differentiator.
// At a glance
Pricing model
Freemium SaaS with monthly/annual subscriptions. Starter (free): 10min, 200MB limit. Lite: EUR 6.75/mo (90min fast queue). Pro: EUR 13.5/mo (250min fast queue, API access, VST plugin, early feature access). Custom enterprise rates available.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on OmniSale GMBH's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
lalal.ai