// Trust & Security Report

    Obviously AI, Inc. (dba Zams) logo

    Obviously AI, Inc. (dba Zams)

    Originally a no-code predictive analytics / AutoML tool ("Obviously AI"). In February 2025 the company rebranded to Zams and pivoted the product entirely: it is now an agentic "AI workers" platform for sales/GTM teams (AI workers named Evan, Iris, Nico, Nova, Atlas) that automates CRM hygiene, meeting prep, account monitoring, forecasting, and reporting across connected business tools (Salesforce, HubSpot, Slack, email, calendar, etc.). The legacy no-code AutoML product is discontinued; obviously.ai now redirects to zams.com and is kept only as an archive notice.

    Certifications held

    5

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Zams' SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually.

    Verify on zams.com
    HIPAA
    HELD

    Zams is HIPAA compliant, and is prepared and able to execute a standard Business Associate Agreement.

    Verify on zams.com
    GDPR (posture)
    HELD

    We comply with GDPR data retention requirements, and offer a data processing agreement (DPA) for customers in the EU.

    Verify on zams.com
    CCPA/CPRA
    HELD

    We ensure policies, processes, and controls comply with CCPA requirements.

    Verify on zams.com
    CSA STAR
    HELD

    Trust center lists CSA STAR as a compliant framework alongside SOC 2, GDPR, HIPAA, and CPRA badges.

    Verify on zams.trust.site
    > Show 5 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    The vendor's security page states only that 'All customer data is hosted in data centers that are SOC 2, ISO 27001 and HITRUST compliant' — this describes Zams' cloud host (Google Cloud) infrastructure certification, not a certification held by Zams/Obviously AI, Inc. itself. No independent ISO 27001 certificate for the vendor entity was found on the trust center.

    source: zams.com
    HITRUST
    NOT CONFIRMED

    Same host-infrastructure statement as ISO 27001 above ('data centers that are ... HITRUST compliant') — this is the cloud host's certification, not the vendor's own.

    source: zams.com
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence — not listed on the security page or trust center, and no independent source confirms ISO 42001 certification.

    source: zams.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification; not listed on security page or trust center. Payment processing is presumably handled by a third-party billing provider, not disclosed.

    source: zams.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization on vendor site.

    source: zams.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Primary hosting/processing in the United States (Google Cloud); privacy policy states 'The Services are operated in the United States' with international transfers consented to on use. Security page separately notes EU traffic is kept in-region via Cloudflare load balancing with servers in the Netherlands and UK.

    Privacy policy states plainly: 'Zams does not use Customer Data to train any proprietary or third-party AI models, including foundation models, unless explicitly authorized in writing.' No tiered exceptions or opt-in/opt-out toggle were found in public docs; the policy frames it as opt-in-only (written authorization required), not an opt-out you must remember to set.

    // Security controls

    Encryption in transit and at rest

    TLS and AES-256 encryption used for data protection.

    zams.com

    Cloud infrastructure

    Hosted in Google Cloud data centers (physically secure, 24/7 on-site security, camera surveillance per vendor).

    zams.com

    EU data residency

    Intra-European traffic stays within Europe via Cloudflare load balancing with servers in the Netherlands and UK.

    zams.com

    Session/recording data handling

    Data is sent only during active sessions and deleted afterward unless recordings are enabled.

    zams.com

    Trust center platform

    Public trust center is powered by Sprinto and gates full audit reports/documents behind a 'Request access' form; only summary compliance badges are publicly visible.

    zams.trust.site

    // Products & data scope

    Zams AI Workers (current product, formerly "Obviously AI")Agentic sales/GTM automation

    data: Connects to and acts across CRM (Salesforce, HubSpot), email, calendar, Slack, and 40+ other integrations to read/write live business data on the customer's behalf.

    Named AI workers. This is the live, actively sold product.

    Obviously AI (legacy, discontinued)No-code predictive analytics / AutoML

    data: Customer-uploaded datasets (CSV/Excel) used to build predictive models via natural-language prompts.

    The original product AIFOXX's slug name refers to. obviously.ai now redirects/archives to zams.com with a banner stating 'Obviously AI is now Zams. This site is an archive of how it operated through 2025.' Not available for new signups under the old branding.

    // What to watch

    • IDENTITY / REBRAND: The AIFOXX slug "obviously-ai" refers to a product that no longer exists under that name. Obviously AI, Inc. rebranded to Zams in February 2025 and pivoted from a no-code predictive-analytics/AutoML tool to an agentic sales-automation platform ('AI workers'). Confirmed via the vendor's own terms of use and privacy policy, which both open with 'Obviously AI, Inc. (dba. Zams)', and via obviously.ai itself, which now shows an archive banner redirecting to zams.com. This is the SAME legal entity, not a different company with a similar name, but the AIFOXX listing content (name, screenshots, description) is very likely describing a discontinued product and needs a full refresh, not just a security-metadata update.
    • HOST-VS-VENDOR CERT AMBIGUITY: The security page's ISO 27001 and HITRUST claims are phrased as properties of the underlying Google Cloud data centers ('data centers that are SOC 2, ISO 27001 and HITRUST compliant'), not certifications Zams itself holds. Graded held=false for the vendor to avoid over-claiming; only SOC 2 Type II is stated in the first person as the vendor's own report.
    • Trust center (zams.trust.site, Sprinto-powered) only shows summary compliance badges; full audit reports, SOC 2 report scope/date, and CSA STAR assessment level (self-assessment vs. third-party certified) are gated behind a 'Request access' form and were not independently verified.
    • AI-training posture is a clean, customer-favorable no-training-without-written-authorization statement in the current privacy policy; no legacy Obviously AI ToS language was found that contradicts this, but the product pivot means any older cached AIFOXX copy about the AutoML product's data handling is now stale.

    // At a glance

    Pricing model

    SaaS subscription, demo/sales-assisted onboarding ('Book a demo'); public self-serve pricing not fully disclosed on marketing site.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Obviously AI, Inc. (dba Zams)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    zams.trust.site

    > Browse all vendor trust reports