// Trust & Security Report
PathFactory Inc. (PathFactory Corp.), acquired by Kaltura
B2B content intelligence and AI-powered buyer journey platform (PathFactory Experiences, ChatFactory AI Buying Agents, PathFactory Intelligence, AI Search Optimization)
Certifications held
4
Maturity
Enterprise
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on pathfactory.com“PathFactory announced that the company has earned the rigorous SOC2 Type 2 certification ... PathFactory has committed to participating in annual SOC2 Type 2 audits to ensure its compliance is always verified and up to date. The audit was performed by a leading Big 4 accounting firm.”
Verify on pathfactory.com“PathFactory Corp. has self-certified its compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce.”
Verify on support.pathfactory.com“No ISO 27001 certification claim found on PathFactory's own security/compliance, GDPR FAQ, or press pages.”
Verify on support.pathfactory.com“No HIPAA compliance claim found; PathFactory is a B2B marketing/content engagement platform not positioned for PHI.”
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
United States (Amazon Web Services; primary and disaster-recovery hosting plus daily backups in Virginia). Vendor HQ in Toronto, Canada; US office in Washington, DC.
ChatFactory sends content-specific data to third-party LLMs (OpenAI, Llama) for processing but contractually prohibits providers from using customer content to train their models. Quote: 'there are contractual safeguards in place to ensure that the content is secure and it is not used to train third party LLMs ... this data is neither used to train these models nor shared further.' Each customer instance is isolated and AI models are not shared across customers. Customers control which assets enter ChatFactory 'Collections'. No visitor identification or engagement data is shared with the LLM.
// Security controls
Penetration testing / vulnerability assessment
Yearly vulnerability assessment, penetration testing, web application testing, open-source testing, SAST and DAST through an industry-leading security auditing firm
pathfactory.comBug bounty program
None found (no HackerOne or Bugcrowd program disclosed on vendor domain)
support.pathfactory.comHosting / infrastructure
Amazon Web Services (AWS); per-customer instance isolation
support.pathfactory.comBackups / disaster recovery
Daily backups and GDPR-compliant disaster recovery located in Virginia
support.pathfactory.comSingle Sign-On (SSO)
Supported (SSO overview and access protection documentation available)
support.pathfactory.com// Products & data scope
data: First-party visitor engagement data (known and anonymous), behavioral/click data, content interactions; customer-uploaded marketing content and contact data per customer instructions.
Core platform. Customer determines what Personal Information is uploaded and stored; PathFactory processes only per customer instructions (processor role).
data: Customer content within curated 'Collections' is sent to third-party LLMs (OpenAI, Llama) for inference only; no visitor identification or engagement data sent to LLM; per-customer AI model isolation.
AI-specific data flow. Contractual safeguards bar LLM providers from training on customer content; data not used to train PathFactory's proprietary or third-party AI beyond the customer's own instance.
data: Aggregated and account/individual-level engagement signals tied to pipeline; integrates with CRM/MAP (Salesforce, Marketo, HubSpot, 6sense, Demandbase, ZoomInfo, etc.).
Analytics layer. Data shared with connected revenue-stack tools per customer configuration.
data: Customer content metadata for search/AI optimization.
Newer module; limited public data/compliance detail.
// What to watch
- Vendor acquired by Kaltura; long-term compliance posture and trust documentation may shift under new parent. Current evidence is PathFactory-branded and self-consistent.
- No standalone trust center portal (e.g., Vanta/SafeBase) or public SOC 2 report download; SOC 2 evidence is a press announcement plus support-page references, not a live attestation portal. Report likely available under NDA.
- Data hosting is US-only (Virginia); EU customers rely on DPF/SCCs rather than EU data residency.
- ISO 27001 and HIPAA not claimed - correctly marked unknown, not asserted.
// At a glance
Pricing model
Enterprise SaaS, subscription, sales-led (book a demo / contact sales; no public pricing)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on PathFactory Inc. (PathFactory Corp.), acquired by Kaltura's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
support.pathfactory.com