// Trust & Security Report

    Text, Inc. (formerly LiveChat Software SA) logo

    Text, Inc. (formerly LiveChat Software SA)

    LiveChat is a cloud-based live chat and customer service software platform with AI capabilities, primarily serving e-commerce and SaaS businesses. Products include the core chat widget, AI chatbots, Copilot AI assistant, and integrations with 200+ third-party tools.

    Certifications held

    6

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    LiveChat provides a Data Processing Agreement (DPA) integrated into their standard service agreement (no separate signature required). Documentation includes GDPR readiness guidance, data processing addendum with updated SCCs (Standard Contractual Clauses), and international data transfer compliance. 'the DPA is already an integral part of the Agreement, meaning it does not require a separate signature.'

    Verify on livechat.com
    HIPAA
    HELD

    LiveChat enterprise page lists 'HIPAA Features' verbatim as an available compliance capability. The BAA guide defines PHI as 'any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed to a covered entity and/or their business associate(s) in the course of providing a health care service, such as a diagnosis or treatment.' HIPAA features available on eligible enterprise plans with a signed BAA.

    Verify on livechat.com
    PCI DSS (Payment Card Industry Data Security Standard)
    HELD

    PCI DSS compliance listed as enterprise security feature. Text.com main page lists 'PCI DSS - SAQ A' as certified standard. Credit card masking feature available to prevent exposure of card data in chats.

    Verify on livechat.com
    CCPA (California Consumer Privacy Act)
    HELD

    CCPA compliance mentioned on Text.com main security page and LiveChat help center as part of compliance standards. Guidance provided for California privacy law compliance.

    Verify on text.com
    WCAG 2.2 (Web Content Accessibility Guidelines)
    HELD

    WCAG 2.2 accessibility standards compliance listed on Text.com main page as part of compliance certification.

    Verify on text.com
    Data Privacy Framework
    HELD

    International data transfer compliance framework listed on Text.com. Uses updated SCCs (Standard Contractual Clauses) for EU/EEA data transfers.

    Verify on text.com
    > Show 3 unconfirmed / not-held certifications
    SOC 2 Type 2
    NOT CONFIRMED

    Claimed as 'AICPA SOC 2' on enterprise page (https://www.livechat.com/enterprise/) and listed on main website (https://www.text.com/), but no public audit report or detailed SOC 2 documentation is accessible. RiscLens assessment notes 'SOC 2 publicly mentioned (claim only)' with no confirmed public audit report found.

    source: livechat.com
    ISO 27001
    NOT CONFIRMED

    No public evidence found. ISO 27001 is not mentioned on any LiveChat/Text security or compliance pages reviewed.

    source: livechat.com
    SSAE 16
    NOT CONFIRMED

    SSAE 16 is mentioned in relation to their data center provider (Softlayer), not LiveChat's own certification: 'Services provided to us by Softlayer are in compliance with the SSAE16 standard.' This is the host's compliance, not the vendor's.

    source: livechat.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    EU (European Union) data residency option available. Data centers documented with IBM servers and Akamai CDN infrastructure. Primary operations in Poland (Wroclaw headquarters) with US offices (Boston).

    LiveChat documentation states 'Customers retain rights to content generated through their use of Text's platform' and that the company 'partners only with trusted AI model providers and fine-tunes its systems.' However, the specific policy on whether customer conversation data is used for model training/improvement is not clearly disclosed. Documentation mentions options to 'opt out of bot interactions or profiling' and route to human agents, but does not explicitly state whether customer data is excluded from AI model training.

    // Security controls

    Encryption in Transit

    256-bit SSL protocol and TLS 1.2 (TLS 1.1 deprecated as of August 31, 2020)

    livechat.com

    Encryption at Rest

    Enterprise-grade encryption documented but specific algorithm not publicly detailed

    livechat.com

    Access Control

    Role-based access control (Owner, Administrators, Agents), Single Sign-On (SSO) via Auth0 and SAML-based SSO for enterprise, customizable user permissions

    livechat.com

    Data Center Security

    On-site security personnel, compliance with SSAE16 standard (through Softlayer provider), IBM servers and Akamai CDN infrastructure

    livechat.com

    Audit & Compliance

    Audit-ready reports, regular security audits referenced but detailed audit schedule not publicly available

    livechat.com

    Sensitive Data Protection

    Credit card masking feature to prevent exposure of PCI-sensitive data in chat transcripts

    livechat.com

    // Products & data scope

    LiveChat Core PlatformLive Chat & Customer Service

    data: Chat conversations, customer visitor data from pre-chat surveys, ticket content, chat transcripts

    Primary product; available on freemium and paid tiers. Free 14-day trial available. Supports browser, Windows, Android, iOS, and Mac platforms.

    LiveChat AI & ChatbotsAI/Automation

    data: Conversation data for AI model fine-tuning (scope/opt-out unclear), bot interaction logs

    AI-powered customer service automation. Includes Copilot AI assistant and ChatBot capabilities. Training practices on customer data not explicitly documented.

    Text IntelligenceAI/Analytics

    data: Text communication data for analysis and enrichment

    Analyzes, enriches, and automates text communication. Helps brands provide better customer service at scale.

    // What to watch

    • SOC 2 Type 2 claimed on enterprise and main website but no public audit report accessible; RiscLens found no confirmed public SOC 2 report. Trust center exists at https://trust.text.com/ but content not publicly accessible via standard web fetch (may require authentication or JavaScript rendering).
    • AI training practices on customer conversation data not clearly disclosed. Platform mentions 'retaining rights to content' and 'fine-tuning' but does not explicitly state whether customer data is used for model improvement or if opt-outs prevent training use.
    • SSAE 16 referenced is for data center provider (Softlayer), not LiveChat/Text's own certification.
    • ISO 27001 not mentioned anywhere despite enterprise positioning and 35,000+ customer base.
    • No dedicated, publicly-accessible compliance/audit report download center (RiscLens noted absence of public trust center with downloadable reports).
    • Privacy Shield Framework mentioned but this is outdated (invalidated in 2020); current standard practice is updated SCCs which are documented.

    // At a glance

    Pricing model

    Freemium with paid tiers starting at $19/month; enterprise custom pricing available

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Text, Inc. (formerly LiveChat Software SA)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.text.com

    > Browse all vendor trust reports