// Trust & Security Report

    Lindy AI (Lindy Inc.) logo

    Lindy AI (Lindy Inc.)

    Lindy is an AI executive assistant SaaS platform that automates email triage, meeting scheduling, note-taking, and task management via iMessage/SMS. Available in free (7-day trial), Plus ($49.99/month), and Enterprise (custom pricing with SSO/SCIM/BAA) tiers.

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    SOC 2 Type II — independently audited by Johanson Group

    Verify on lindy.ai
    HIPAA
    HELD

    HIPAA security controls mapped to requirements. Enterprise tier includes HIPAA Compliant and signed BAA

    Verify on lindy.ai
    GDPR
    HELD

    GDPR — validates operational effectiveness of security controls. Data Processing section in Terms establishes processor obligations under GDPR.

    Verify on lindy.ai
    PIPEDA
    HELD

    PIPEDA — verified through regular testing

    Verify on lindy.ai
    > Show 1 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    no public evidence of ISO 27001 certification found; vendor security page lists SOC 2, HIPAA, GDPR, PIPEDA but not ISO 27001

    source: lindy.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multi-region (Digital Ocean, Microsoft Azure, Google Cloud); EU data processing via GDPR-compliant mechanisms

    Vendor explicitly states: 'your personal information will never be transferred, delivered, or made available to or otherwise used to train a generative AI product.' However, Terms of Service grant Lindy rights to use submissions for 'analytics purposes in perpetuity' — scope of this clause relative to AI model training is not explicitly clarified.

    // Security controls

    Encryption in Transit

    AES encryption; all data moving in/out encrypted

    lindy.ai

    Encryption at Rest

    Encrypted storage

    lindy.ai

    Access Control

    User-controlled, revocable permissions with all actions logged for visibility

    lindy.ai

    Infrastructure

    Enterprise-grade cloud infrastructure with hardened access controls

    lindy.ai

    Monitoring & Response

    Real-time monitoring, regular vulnerability scans, defined incident response procedures

    lindy.ai

    Data Protection Officer

    Luiz Scheidegger (DPO designated); Non-EU Representative: Florent Crivello

    lindy.ai

    // Products & data scope

    Lindy FreeAI Executive Assistant

    data: Up to 1 inbox, basic features (email drafting, meeting scheduling, meeting notes)

    7-day free trial, then paid tiers required. Limited data scope and features.

    Lindy PlusAI Executive Assistant

    data: Up to 2 inboxes, 100+ integrations, email triage, meeting scheduling, meeting prep & follow-up

    $49.99/month. Standard SaaS offering for individuals and small teams. No BAA or HIPAA compliance explicitly required at this tier.

    Lindy EnterpriseAI Executive Assistant

    data: Expanded usage, team settings, full audit logging

    Custom pricing. Includes SSO, SCIM, Audit logs, HIPAA Compliant with signed BAA, Dedicated support, Onboarding and enablement. Purpose-built for regulated environments and large organizations.

    // What to watch

    • Trust Center page returns 404 — security and compliance info sourced from /security page instead. Trust Center may be under construction or access-restricted.
    • ISO 27001 not claimed or publicly documented — vendor focuses on SOC 2, HIPAA, GDPR, PIPEDA but not ISO 27001. This is acceptable for a growth-stage SaaS vendor.
    • AI training clause: Privacy policy explicitly excludes customer data from AI training. However, Terms of Service include a broad 'analytics purposes in perpetuity' clause for user submissions. The boundary between 'analytics' and 'model training' is not explicitly defined. Recommend clarification during procurement.
    • HIPAA compliance available only on Enterprise tier with signed BAA — consumers on Plus tier are not HIPAA-covered. This is appropriate tier differentiation.
    • No explicit mention of data residency choice (EU vs. US). Multi-region default; unclear if customers can request EU-only data processing without explicit agreement with vendor.

    // At a glance

    Pricing model

    Freemium (7-day trial) + subscription (Plus $49.99/month, Enterprise custom)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Lindy AI (Lindy Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    lindy.ai

    > Browse all vendor trust reports