// Trust & Security Report
NightCafe Studio Pty Ltd
NightCafe Creator is a free-to-play AI art and image generation platform founded in 2019. Offers text-to-image, image-to-video, and fine-tuning capabilities using models like Stable Diffusion, DALL-E 3, Ideogram, and others. Community-focused with daily challenges, chat, and galleries.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on nightcafe.studio“individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679... NightCafe addresses EU/UK requirements in Appendix 1, offering data subject requests, rectification, deletion, processing restrictions”
> Show 6 unconfirmed / not-held certifications
source: creator.nightcafe.studioHome page footer states 'PCI compliant payments powered by Paddle, PayPal and Shopify'. PCI DSS compliance here is provided by the third-party payment processors (Paddle, PayPal, Shopify), not held by NightCafe itself. Card data is handled by those processors and does not touch NightCafe's own systems, so this is not a NightCafe certification. No public evidence of a NightCafe-held PCI DSS attestation.
source: nightcafe.studioNo mention in privacy policy, terms of service, or public vendor pages. Nudge Security profile lists this certification but provides no evidence or link to vendor documentation.
source: nightcafe.studioNo mention in privacy policy, terms of service, or public vendor pages. Nudge Security profile lists this certification but provides no evidence or link to vendor documentation.
source: nightcafe.studioNo mention in privacy policy or terms. Not applicable to consumer AI art generation platform.
source: nightcafe.studioNo mention in privacy policy or vendor documentation. Uncommon for small SaaS platforms not serving US federal agencies.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Australia (HQ: Cairns, AU). Uses US-based cloud infrastructure: Google Cloud, Cloudflare, Shopify, Firebase, SendGrid. Data transfers use standard contractual clauses.
NightCafe does NOT train base models on user-generated content by default. Platform models (Stable Diffusion, DALL-E 3, Ideogram, etc.) are trained on public datasets. Users may voluntarily train custom models via fine-tuning feature; those custom models remain private to the user only. Per terms: 'your customised image-generation model' and 'All Intellectual Property Rights...is transferred to you'.
// Security controls
Physical & managerial safeguards
Vendor states: 'suitable physical, electronic and managerial procedures, to safeguard and secure personal information'
nightcafe.studioSSO & 2FA
Supports Okta, Google login, Microsoft login, two-factor authentication via email and SMS
security-profiles.nudgesecurity.comData access transparency
Privacy policy does not specify data retention periods; vendors state 'cannot guarantee the security of any information that is transmitted to or by us over the Internet'
nightcafe.studio// Products & data scope
data: User account, prompts, generated images, chat room participation, transaction data. Chat content may become publicly available.
Free tier with daily free credits; PRO plans available. Users retain copyright of generated art. Base models not trained on user data.
data: Same as web, with account sync across devices (iOS, Android, web)
Cross-device synchronization via account.
data: User-supplied training images; trained model remains private to user
Optional feature. Users must warrant consent from all depicted persons. Training data cannot include minors under 18 or copyrighted material without permission. Model is user-owned.
// What to watch
- OVER-CLAIM RISK: Third-party security profile (Nudge Security) lists SOC 2, ISO 27001, HIPAA, FedRamp, CSA STAR certifications with badge logos, but NO evidence, links, or mention appear in NightCafe's own privacy policy, terms, or public security pages. Vendor likely does not hold these certifications; profile may display unverified or stale data.
- Privacy policy last updated November 23, 2023 — over 2.5 years old. May not reflect current practices or recent security changes.
- No data retention periods specified in privacy policy; no explicit statement about data deletion or retention.
- Chat room content may become publicly available per terms; users should be aware.
- Vendor states 'cannot guarantee the security of any information transmitted over the Internet' — standard disclaimer but notable.
- No dedicated security/trust center page, no published security documentation, no bug bounty program found.
- Small team (13 people reported) and growth-stage maturity; SOC 2 Type 2 audit is uncommon at this scale.
- Third-party analytics dependencies: Google Analytics, Facebook Pixel, Ezoic, Freestar — users should review consent settings.
// At a glance
Pricing model
Freemium: free tier with daily credits, optional PRO subscriptions
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on NightCafe Studio Pty Ltd's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
nightcafe.studio