// Trust & Security Report

    Quora, Inc. logo

    Quora, Inc.

    Poe - a conversational AI platform providing access to multiple third-party AI models (OpenAI, Anthropic Claude, Google Gemini, etc.) through a unified interface; supports group chats, custom bots, and creator monetization.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 6 unconfirmed / not-held certifications
    SOC 2 (Type 1 or Type 2)
    NOT CONFIRMED

    No mention of SOC 2 certification found in privacy policy, terms of service, or privacy center. No publicly available SOC 2 report located.

    source: poe.com
    ISO 27001
    NOT CONFIRMED

    No mention of ISO 27001 certification found in any publicly available Poe documentation.

    source: poe.com
    GDPR Compliance
    NOT CONFIRMED

    Privacy policy references GDPR implicitly through data subject rights language but makes no explicit GDPR compliance statement or certification claim. Policy is incorporated into broader Quora Privacy Policy.

    source: poe.com
    HIPAA
    NOT CONFIRMED

    No mention of HIPAA compliance found. Privacy policy explicitly cautions users: 'Please exercise caution and avoid sharing sensitive personal information with the bots and apps (e.g., credit card information, social security information, etc.)'

    source: poe.com
    ISO 42001 (AI Governance)
    NOT CONFIRMED

    No mention of ISO 42001 or any AI governance certification found in public documentation.

    source: poe.com
    CSA STAR for AI
    NOT CONFIRMED

    No mention of CSA STAR or Cloud Security Alliance certifications found.

    source: poe.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not offered

    Data region

    Not specified

    Poe itself does NOT train on user chats. However, third-party AI model providers (OpenAI, Anthropic, Google, Meta) may receive chat details to improve their services. Critically: third-party developers who build bots on Poe using APIs 'may view and store your chats on their servers to train their models.' Each bot displays a Privacy Shield icon (full or half-shaded) indicating whether developer training is enabled. Users should assume half-shield bots enable data training for model improvement.

    // Security controls

    Encryption in transit

    Not specified in public documentation

    poe.com

    Data anonymization

    Poe states: 'Your interactions with bots and apps are aggregated or anonymized before they are shared with AI model providers or developers.'

    poe.com

    User data deletion

    Users can delete chats and account data from Poe systems; policy states users manage memory features.

    poe.com

    Third-party data processor

    Billing processed by third-party service provider; tax information shared with tax service provider for creator payments.

    poe.com

    Security audit / penetration test

    No public evidence of third-party security audits or penetration test reports.

    // Products & data scope

    Poe - Consumer ChatConversational AI / Chatbot

    data: User chats, profile info (email, phone), device info, IP address; shared with third-party AI providers and bot developers

    Free with optional paid subscription. Access to multiple AI models via unified interface. Data shared with third-party AI providers for service improvement. Developer bots may enable model training on user data.

    // What to watch

    • No public security certifications or trust center. Poe does not publicly disclose SOC 2, ISO 27001, GDPR compliance, or HIPAA status.
    • Critical data handling: third-party developers can access and train AI models on user chat data. While Poe officially does not train on chats, the platform enables third-party training through bot developer APIs.
    • Privacy Shield icons (full vs. half shield) indicate training scope, but users must manually inspect each bot. Default assumption should be that half-shield bots enable training.
    • Data region and encryption details not publicly disclosed.
    • HIPAA explicitly discouraged: privacy policy warns users not to share sensitive information (credit card, SSN), indicating non-compliance with HIPAA standards.
    • No AI governance certifications (ISO 42001, CSA STAR) despite operating in AI sector.
    • Quora Privacy Policy is incorporated by reference but not captured in this assessment; AIFOXX should review parent policy for enterprise customers.

    // At a glance

    Pricing model

    Freemium (free tier + paid subscription with message limits/points)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Quora, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    poe.com

    > Browse all vendor trust reports