// Trust & Security Report
Video Puppet Limited (trading as Narakeet)
Text-to-speech and AI narrated-video tool family: browser-based Text to Speech (documents/scripts to audio), Slides to Video (PowerPoint/Markdown to narrated video), subtitle-to-audio dubbing, plus a Developer API and command-line client for CI/CD-driven video automation.
Certifications held
1
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on narakeet.com“"We rent data storage, communication, web hosting and computing services from Amazon Web Services and they will act as a data processor" and the privacy policy lists data-subject rights including "the right to access; the right to rectification; the right to erasure; the right to restrict processing; the right to object to processing; the right to data portability." The footer also links a page titled "GDPR/Data security".”
> Show 8 unconfirmed / not-held certifications
source: narakeet.comNo public evidence. Narakeet's data-security, privacy, and terms pages describe encryption, access control, and retention practices but do not mention SOC 2 or any independent audit report.
source: narakeet.comNo public evidence. No ISO 27001 certificate, badge, or reference found on Narakeet's data-security, privacy, or about pages.
source: narakeet.comNo public evidence. No mention of HIPAA, Business Associate Agreements (BAA), or healthcare-specific handling anywhere on Narakeet's site.
source: narakeet.comNo public evidence of Narakeet holding PCI DSS itself; payment card data is handled entirely by third-party processors (Stripe, PayPal, Tazapay, Antom, Paddle, AirWallex), which is a common and acceptable pattern for a small vendor rather than a gap.
source: narakeet.comNo public evidence. Not mentioned on any Narakeet page found.
source: narakeet.comNo public evidence. Narakeet's product is a text-to-speech/video tool but no AI-governance certification is referenced anywhere on its site.
source: narakeet.comNo public evidence. Not mentioned on any Narakeet page found.
source: narakeet.comNo public evidence. Not applicable to a small consumer/prosumer SaaS tool; not mentioned on any Narakeet page found.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Amazon Web Services US-East-1 region (North Virginia) for uploaded source files and generated video/audio output.
No mention of AI/ML model training on customer-uploaded content (scripts, audio, video, or account data) in the privacy policy, terms of use, FAQ, or data-security page. Narakeet's product itself is a text-to-speech/video generation tool using third-party and licensed voice engines, and the data-security page explicitly states "We do not share any personal user information with the voice providers," but there is no explicit statement either way on whether uploaded scripts or audio are used to improve models. Set to null (unconfirmed) rather than false, since absence of a training-data statement is not the same as a documented opt-out.
// Security controls
Encryption in transit
"All the file transfers and web interactions are protected using HTTPS."
narakeet.comEncryption at rest
"Technically, we implement storage using AWS S3 server-side encryption."
narakeet.comInfrastructure provider
Amazon Web Services (AWS), US-East-1 region, using AWS S3, AWS Cognito, and AWS IAM with S3 access policies for per-user file access control.
narakeet.comAccess control
"Narakeet uses storage authentication for each access to a video file or uploaded asset, so other users do not have any access to your files."
narakeet.comData retention
Uploaded source assets (presentations, images, scripts) are automatically deleted 30 days after upload; output videos/audio are automatically deleted after up to 48 hours; user account data is removed when the account expires.
narakeet.comBreach history
"We are not aware of any security or privacy breaches related to data stored by Narakeet." (self-reported, no independent audit cited)
narakeet.comIndependent security certification
n/a - not verified. No SOC 2, ISO 27001, or other independent audit/certification found.
narakeet.com// Products & data scope
data: Uploaded scripts and documents (Word, PDF, EPUB, plain text); generated audio files
900 voices across 100 languages, browser-based, no registration required for free tier
data: Uploaded PowerPoint/Google Slides/Markdown source files and images; generated video output
Automated narration, subtitles, and closed captions
data: Uploaded SRT/WebVTT subtitle files; generated synchronized audio
Used for localization/dubbing of e-learning and video content
data: API-submitted scripts, slides, and assets; generated audio/video returned via API
Intended for integrating narrated-video production into automation and continuous delivery pipelines; same underlying storage/retention model as the web app
// What to watch
- No trust center and no independent security certifications (SOC 2, ISO 27001, or similar) found anywhere on the vendor's site; this is typical for a small/startup-stage tool and is recorded honestly rather than penalized, but AIFOXX should not display any compliance badges for this vendor.
- GDPR posture is present (data-subject rights listed, AWS as documented processor) but there is no dedicated Data Processing Agreement (DPA) offering mentioned, and no cookie/consent-management detail was reviewed.
- AI-training posture on customer-uploaded scripts/audio/video is undocumented (neither confirmed nor denied) in the privacy policy or terms of use; flagged as unconfirmed (null) rather than assumed false.
- Terms of use broadly exclude liability for data loss/corruption ("We will not be liable to you in respect of any loss or corruption of any data, database or software"), which is a meaningful risk-shifting term buyers should be aware of, especially for the free tier.
- Single-region hosting (AWS US-East-1) with no documented EU/UK data residency option may be a blocker for EU customers with strict residency requirements despite GDPR-consistent policy language.
- Legal entity (Video Puppet Limited, UK company no. 11590207) is confirmed consistent across the privacy policy and terms pages, so no identity-conflation risk was found, but this should be reconfirmed if the vendor rebrands again.
// At a glance
Pricing model
Freemium pay-as-you-go: free tier with usage limits and no commercial rights, then one-time top-up minute packages (30 to 10,000 minutes, cheaper per-minute at higher volumes); custom pricing for over 10,000 minutes; no distinct enterprise tier with SLA or dedicated support documented
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Video Puppet Limited (trading as Narakeet)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
narakeet.com