// Trust & Security Report

    Moises Systems, Inc. logo

    Moises Systems, Inc.

    Moises: consumer/prosumer creative suite for musicians (stem separation, vocal removal, chord/lyric tools, AI Studio, Voice Studio, Moises Live). Sibling enterprise brand Music.AI (music.ai, developer.moises.ai) offers the same underlying audio-AI models via API/B2B licensing to labels, publishers, and tech partners.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR compliance posture
    HELD

    "If you are in the EU, you may also contact our EU representative, Instant EU GDPR Representative Ltd, at: contact@gdprlocal.com" and "If you are in the UK, you may also contact our UK representative, GDPRLocal Ltd."; "Moises shall ensure that any transfer of your personal data is carried out in accordance with applicable privacy laws and...Standard Contractual Clauses or similar transfer mechanisms." (Self-attested privacy-policy posture, not an independent certification.)

    Verify on help.moises.ai
    > Show 8 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. No trust center exists at moises.ai or music.ai; homepage, privacy policy, and terms of service contain no mention of a SOC 2 report.

    source: moises.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence. No ISO 27001 certificate or trust center page was found on moises.ai, help.moises.ai, or music.ai.

    source: moises.ai
    HIPAA
    NOT CONFIRMED

    No public evidence and not applicable: Moises is a music/audio creation tool that does not process protected health information; no HIPAA claim appears anywhere on the vendor's site.

    source: moises.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence of a PCI DSS attestation. Subscription billing is handled by the product's checkout flow; no cardholder-data-environment scope statement was found on the vendor's domain.

    source: moises.ai
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence on the vendor's domain.

    source: moises.ai
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence. No AI-governance certification is referenced on moises.ai, help.moises.ai, or music.ai.

    source: moises.ai
    CSA STAR
    NOT CONFIRMED

    No public evidence on the vendor's domain.

    source: moises.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence; not applicable to this consumer/creator product. No FedRAMP claim on the vendor's domain.

    source: moises.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not publicly specified. Privacy policy describes global sharing of data with group companies and subcontractors, with Standard Contractual Clauses (or similar mechanisms) used to safeguard EU/UK/Swiss transfers; no specific data-center region or residency commitment is published.

    Homepage FAQ states plainly: "Will Moises ever train on my data? No. Moises will never train on your data." The Terms of Service reinforce this contractually: "WE DO NOT USE YOUR USER CONTENT OR OUTPUT TO TRAIN AI MODELS WITHOUT YOUR PERMISSION" and "NO LICENSE SET FORTH IN THESE TERMS INCLUDES ANY RIGHTS FOR MOISES TO USE YOUR USER CONTENT OR OUTPUT TO TRAIN OR FINE-TUNE ARTIFICIAL INTELLIGENCE OR MACHINE LEARNING MODELS," unless a user has "expressly authorized such use in writing or via an electronic opt-in mechanism." Separately, the vendor states its models are trained only on licensed source material: "Moises only trains our models on licensed materials. We never train on any music without the owner's full approval." No public DPA document was found; one may be available on request for B2B/API customers but is not published.

    // Security controls

    Encryption / technical safeguards

    Vendor states it implements "appropriate technical and organizational measures" including pseudonymization, encryption, access, and retention policies to guard against unauthorized access to personal data. Specific protocols (e.g. TLS version, at-rest encryption algorithm) are not publicly disclosed.

    help.moises.ai

    Independent security certification

    None publicly evidenced. No trust center, SOC 2 report, or ISO certificate is published or referenced anywhere on moises.ai, help.moises.ai, or the enterprise-facing music.ai.

    moises.ai

    GDPR representatives

    EU representative: Instant EU GDPR Representative Ltd (Dublin, Ireland). UK representative: GDPRLocal Ltd. (Brighton, UK). Data subject rights (access, rectification, erasure, restriction) are described for EU/UK users.

    help.moises.ai

    Children's data

    "We do not knowingly collect personal data from humans under 13 years or under the applicable age limit."

    help.moises.ai

    Data retention

    "We keep your personal data only as long as necessary to provide you with the Moises Service and for legitimate business purposes," with exceptions for outstanding account issues, legal/tax obligations, and fraud prevention.

    help.moises.ai

    User content ownership

    Users "retain(s) all rights, title, and interest in and to" both uploaded content and generated output; Moises is granted only a limited, non-exclusive license "solely to process the User Content and generate Output on your behalf."

    help.moises.ai

    // Products & data scope

    Moises (web, desktop, iOS, iPad, Android)Consumer/prosumer music creation and stem-separation app

    data: User-uploaded audio/video files, account and profile data, subscription/billing data, usage analytics

    Free tier with limited monthly uploads plus paid subscription tiers for full functionality. This is the product covered by the vendor's published Privacy Policy and Terms of Service.

    Music.AI Platform (music.ai, developer.moises.ai)B2B / enterprise API for audio-separation and audio-AI models

    data: Audio files and processing requests submitted programmatically by business customers (labels, publishers, tech partners, developers)

    No dedicated public trust/security page or independent certification was found for this enterprise-facing product; security terms and any DPA are likely negotiated bilaterally per contract rather than published. Treat as unverified for enterprise data-handling commitments until the vendor supplies documentation directly.

    Moises LiveReal-time desktop performance tool

    data: Real-time audio processing during live performance; desktop-only, governed by a separate End User License Agreement

    Same parent privacy practices as the core Moises app; no additional certifications found.

    // What to watch

    • No SOC 2, ISO 27001, HIPAA, or any independent security certification is publicly evidenced, despite the vendor serving enterprise/B2B customers (labels, publishers, tech partners) through the Music.AI API platform. Enterprise buyers should request security documentation directly rather than assume parity with the consumer app's posture.
    • No public Data Processing Agreement (DPA) document was located; it may exist for enterprise contracts but is not published.
    • Data residency / processing region is not publicly specified beyond general SCC-based transfer language for EU/UK/Swiss users.
    • Music.AI (music.ai) is a related enterprise-facing brand under the same parent company as Moises; its own security/legal pages were not independently verified beyond a linked Privacy Policy, so enterprise-specific commitments should be confirmed directly with the vendor before listing them as equivalent to the consumer product.

    // At a glance

    Pricing model

    Freemium subscription for the consumer Moises app; custom/usage-based pricing for the Music.AI enterprise API (contact sales)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Moises Systems, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    help.moises.ai

    > Browse all vendor trust reports