// Trust & Security Report
Text, Inc. (formerly LiveChat Software SA)
LiveChat is a cloud-based live chat and customer service software platform with AI capabilities, primarily serving e-commerce and SaaS businesses. Products include the core chat widget, AI chatbots, Copilot AI assistant, and integrations with 200+ third-party tools.
Certifications held
6
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on livechat.com“LiveChat provides a Data Processing Agreement (DPA) integrated into their standard service agreement (no separate signature required). Documentation includes GDPR readiness guidance, data processing addendum with updated SCCs (Standard Contractual Clauses), and international data transfer compliance. 'the DPA is already an integral part of the Agreement, meaning it does not require a separate signature.'”
Verify on livechat.com“LiveChat enterprise page lists 'HIPAA Features' verbatim as an available compliance capability. The BAA guide defines PHI as 'any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed to a covered entity and/or their business associate(s) in the course of providing a health care service, such as a diagnosis or treatment.' HIPAA features available on eligible enterprise plans with a signed BAA.”
Verify on livechat.com“PCI DSS compliance listed as enterprise security feature. Text.com main page lists 'PCI DSS - SAQ A' as certified standard. Credit card masking feature available to prevent exposure of card data in chats.”
Verify on text.com“CCPA compliance mentioned on Text.com main security page and LiveChat help center as part of compliance standards. Guidance provided for California privacy law compliance.”
Verify on text.com“WCAG 2.2 accessibility standards compliance listed on Text.com main page as part of compliance certification.”
Verify on text.com“International data transfer compliance framework listed on Text.com. Uses updated SCCs (Standard Contractual Clauses) for EU/EEA data transfers.”
> Show 3 unconfirmed / not-held certifications
source: livechat.comClaimed as 'AICPA SOC 2' on enterprise page (https://www.livechat.com/enterprise/) and listed on main website (https://www.text.com/), but no public audit report or detailed SOC 2 documentation is accessible. RiscLens assessment notes 'SOC 2 publicly mentioned (claim only)' with no confirmed public audit report found.
source: livechat.comNo public evidence found. ISO 27001 is not mentioned on any LiveChat/Text security or compliance pages reviewed.
source: livechat.comSSAE 16 is mentioned in relation to their data center provider (Softlayer), not LiveChat's own certification: 'Services provided to us by Softlayer are in compliance with the SSAE16 standard.' This is the host's compliance, not the vendor's.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
EU (European Union) data residency option available. Data centers documented with IBM servers and Akamai CDN infrastructure. Primary operations in Poland (Wroclaw headquarters) with US offices (Boston).
LiveChat documentation states 'Customers retain rights to content generated through their use of Text's platform' and that the company 'partners only with trusted AI model providers and fine-tunes its systems.' However, the specific policy on whether customer conversation data is used for model training/improvement is not clearly disclosed. Documentation mentions options to 'opt out of bot interactions or profiling' and route to human agents, but does not explicitly state whether customer data is excluded from AI model training.
// Security controls
Encryption in Transit
256-bit SSL protocol and TLS 1.2 (TLS 1.1 deprecated as of August 31, 2020)
livechat.comEncryption at Rest
Enterprise-grade encryption documented but specific algorithm not publicly detailed
livechat.comAccess Control
Role-based access control (Owner, Administrators, Agents), Single Sign-On (SSO) via Auth0 and SAML-based SSO for enterprise, customizable user permissions
livechat.comData Center Security
On-site security personnel, compliance with SSAE16 standard (through Softlayer provider), IBM servers and Akamai CDN infrastructure
livechat.comAudit & Compliance
Audit-ready reports, regular security audits referenced but detailed audit schedule not publicly available
livechat.comSensitive Data Protection
Credit card masking feature to prevent exposure of PCI-sensitive data in chat transcripts
livechat.com// Products & data scope
data: Chat conversations, customer visitor data from pre-chat surveys, ticket content, chat transcripts
Primary product; available on freemium and paid tiers. Free 14-day trial available. Supports browser, Windows, Android, iOS, and Mac platforms.
data: Conversation data for AI model fine-tuning (scope/opt-out unclear), bot interaction logs
AI-powered customer service automation. Includes Copilot AI assistant and ChatBot capabilities. Training practices on customer data not explicitly documented.
data: Text communication data for analysis and enrichment
Analyzes, enriches, and automates text communication. Helps brands provide better customer service at scale.
// What to watch
- SOC 2 Type 2 claimed on enterprise and main website but no public audit report accessible; RiscLens found no confirmed public SOC 2 report. Trust center exists at https://trust.text.com/ but content not publicly accessible via standard web fetch (may require authentication or JavaScript rendering).
- AI training practices on customer conversation data not clearly disclosed. Platform mentions 'retaining rights to content' and 'fine-tuning' but does not explicitly state whether customer data is used for model improvement or if opt-outs prevent training use.
- SSAE 16 referenced is for data center provider (Softlayer), not LiveChat/Text's own certification.
- ISO 27001 not mentioned anywhere despite enterprise positioning and 35,000+ customer base.
- No dedicated, publicly-accessible compliance/audit report download center (RiscLens noted absence of public trust center with downloadable reports).
- Privacy Shield Framework mentioned but this is outdated (invalidated in 2020); current standard practice is updated SCCs which are documented.
// At a glance
Pricing model
Freemium with paid tiers starting at $19/month; enterprise custom pricing available
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Text, Inc. (formerly LiveChat Software SA)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.text.com