// Trust & Security Report
Moises Systems, Inc.
Moises: consumer/prosumer creative suite for musicians (stem separation, vocal removal, chord/lyric tools, AI Studio, Voice Studio, Moises Live). Sibling enterprise brand Music.AI (music.ai, developer.moises.ai) offers the same underlying audio-AI models via API/B2B licensing to labels, publishers, and tech partners.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on help.moises.ai“"If you are in the EU, you may also contact our EU representative, Instant EU GDPR Representative Ltd, at: contact@gdprlocal.com" and "If you are in the UK, you may also contact our UK representative, GDPRLocal Ltd."; "Moises shall ensure that any transfer of your personal data is carried out in accordance with applicable privacy laws and...Standard Contractual Clauses or similar transfer mechanisms." (Self-attested privacy-policy posture, not an independent certification.)”
> Show 8 unconfirmed / not-held certifications
source: moises.aiNo public evidence. No trust center exists at moises.ai or music.ai; homepage, privacy policy, and terms of service contain no mention of a SOC 2 report.
source: moises.aiNo public evidence. No ISO 27001 certificate or trust center page was found on moises.ai, help.moises.ai, or music.ai.
source: moises.aiNo public evidence and not applicable: Moises is a music/audio creation tool that does not process protected health information; no HIPAA claim appears anywhere on the vendor's site.
source: moises.aiNo public evidence of a PCI DSS attestation. Subscription billing is handled by the product's checkout flow; no cardholder-data-environment scope statement was found on the vendor's domain.
source: moises.aiNo public evidence. No AI-governance certification is referenced on moises.ai, help.moises.ai, or music.ai.
source: moises.aiNo public evidence; not applicable to this consumer/creator product. No FedRAMP claim on the vendor's domain.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not publicly specified. Privacy policy describes global sharing of data with group companies and subcontractors, with Standard Contractual Clauses (or similar mechanisms) used to safeguard EU/UK/Swiss transfers; no specific data-center region or residency commitment is published.
Homepage FAQ states plainly: "Will Moises ever train on my data? No. Moises will never train on your data." The Terms of Service reinforce this contractually: "WE DO NOT USE YOUR USER CONTENT OR OUTPUT TO TRAIN AI MODELS WITHOUT YOUR PERMISSION" and "NO LICENSE SET FORTH IN THESE TERMS INCLUDES ANY RIGHTS FOR MOISES TO USE YOUR USER CONTENT OR OUTPUT TO TRAIN OR FINE-TUNE ARTIFICIAL INTELLIGENCE OR MACHINE LEARNING MODELS," unless a user has "expressly authorized such use in writing or via an electronic opt-in mechanism." Separately, the vendor states its models are trained only on licensed source material: "Moises only trains our models on licensed materials. We never train on any music without the owner's full approval." No public DPA document was found; one may be available on request for B2B/API customers but is not published.
// Security controls
Encryption / technical safeguards
Vendor states it implements "appropriate technical and organizational measures" including pseudonymization, encryption, access, and retention policies to guard against unauthorized access to personal data. Specific protocols (e.g. TLS version, at-rest encryption algorithm) are not publicly disclosed.
help.moises.aiIndependent security certification
None publicly evidenced. No trust center, SOC 2 report, or ISO certificate is published or referenced anywhere on moises.ai, help.moises.ai, or the enterprise-facing music.ai.
moises.aiGDPR representatives
EU representative: Instant EU GDPR Representative Ltd (Dublin, Ireland). UK representative: GDPRLocal Ltd. (Brighton, UK). Data subject rights (access, rectification, erasure, restriction) are described for EU/UK users.
help.moises.aiChildren's data
"We do not knowingly collect personal data from humans under 13 years or under the applicable age limit."
help.moises.aiData retention
"We keep your personal data only as long as necessary to provide you with the Moises Service and for legitimate business purposes," with exceptions for outstanding account issues, legal/tax obligations, and fraud prevention.
help.moises.aiUser content ownership
Users "retain(s) all rights, title, and interest in and to" both uploaded content and generated output; Moises is granted only a limited, non-exclusive license "solely to process the User Content and generate Output on your behalf."
help.moises.ai// Products & data scope
data: User-uploaded audio/video files, account and profile data, subscription/billing data, usage analytics
Free tier with limited monthly uploads plus paid subscription tiers for full functionality. This is the product covered by the vendor's published Privacy Policy and Terms of Service.
data: Audio files and processing requests submitted programmatically by business customers (labels, publishers, tech partners, developers)
No dedicated public trust/security page or independent certification was found for this enterprise-facing product; security terms and any DPA are likely negotiated bilaterally per contract rather than published. Treat as unverified for enterprise data-handling commitments until the vendor supplies documentation directly.
data: Real-time audio processing during live performance; desktop-only, governed by a separate End User License Agreement
Same parent privacy practices as the core Moises app; no additional certifications found.
// What to watch
- No SOC 2, ISO 27001, HIPAA, or any independent security certification is publicly evidenced, despite the vendor serving enterprise/B2B customers (labels, publishers, tech partners) through the Music.AI API platform. Enterprise buyers should request security documentation directly rather than assume parity with the consumer app's posture.
- No public Data Processing Agreement (DPA) document was located; it may exist for enterprise contracts but is not published.
- Data residency / processing region is not publicly specified beyond general SCC-based transfer language for EU/UK/Swiss users.
- Music.AI (music.ai) is a related enterprise-facing brand under the same parent company as Moises; its own security/legal pages were not independently verified beyond a linked Privacy Policy, so enterprise-specific commitments should be confirmed directly with the vendor before listing them as equivalent to the consumer product.
// At a glance
Pricing model
Freemium subscription for the consumer Moises app; custom/usage-based pricing for the Music.AI enterprise API (contact sales)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Moises Systems, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
help.moises.ai