// Trust & Security Report

    Prezi, Inc. logo

    Prezi, Inc.

    Prezi is an AI-assisted presentation platform. Core products: Prezi AI (prompt-to-deck generator, the surface captured in evidence), Prezi Present (classic zooming-canvas presentations), Prezi Video, and Prezi Design, sold as Individual/Pro and Team/Business tiers. Prezi, Inc. also owns Infogram, a separate infographic/data-visualization product with its own privacy policy addendum, not assessed here.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    We've successfully undergone an independent, external, third-party audit and obtained a SOC 2 Type 2 report on Security for Prezi ... The report is available upon request to Prezi Business subscribers who sign a non-disclosure agreement.

    Verify on prezi.com
    GDPR (posture, not a certification)
    HELD

    Prezi complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)... To comply with the General Data Protection Regulation (defined below), the Parties are required to enter into this DPA.

    Verify on prezi.com
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence: ISO 27001 is not mentioned on Prezi's security page, privacy policy, or any other vendor-domain page found. Only Prezi's underlying cloud infrastructure provider is described as holding 'industry-recognized certifications (SOC, PCI, FedRAMP, ISO and more)' - that is the host's certification, not Prezi's own.

    source: prezi.com
    HIPAA
    NOT CONFIRMED

    Prezi's security page states its cloud infrastructure provider is 'compliant with numerous regulations and privacy standards (EU General Data Protection Regulation, HIPAA, GLBA, HITECH)' - this describes the hosting provider's compliance, not a Prezi-issued HIPAA attestation or BAA offering. No public evidence Prezi itself offers a Business Associate Agreement.

    source: prezi.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of a Prezi-held PCI DSS attestation. Only the cloud infrastructure provider is described as holding a PCI certification (host-level, not Prezi's own payment handling).

    source: prezi.com
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence. Not mentioned on any Prezi vendor-domain page found.

    source: prezi.com
    CSA STAR
    NOT CONFIRMED

    No public evidence. Not mentioned on any Prezi vendor-domain page found.

    source: prezi.com
    FedRAMP
    NOT CONFIRMED

    Not applicable / no public evidence for Prezi itself; only its cloud infrastructure provider is described as FedRAMP-certified at the hosting layer.

    source: prezi.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Not specified on vendor pages found; Prezi participates in the EU-U.S., UK, and Swiss-U.S. Data Privacy Frameworks and offers a GDPR-oriented Data Processing Agreement with EU Standard Contractual Clauses, implying cross-border (US-hosted, EU-accessible) data transfer rather than strict EU-only residency.

    Prezi's privacy policy distinguishes Public vs Private User Content. Public Content marked 'reusable' may be shared with AI third-party partners to train their models: 'we may share this content (excluding your username) with our AI third-party partners who may use this content for their own commercial purposes, including ... to train and improve their AI algorithms and models.' Separately, Prezi states a broader right to use Public User Content to train its own Prezi AI: 'Prezi has the right to use your Public User Content (excluding your username) to train our algorithms, models, and AI products and services, to develop, improve and provide our Services, including Prezi AI.' Private content is described as user-controlled via privacy settings, and Prezi also states it 'may analyze your Public User Content (including any Personal Data you choose to include therein) and related data to train our algorithms, models and AI products and services.' No explicit per-tier (free vs Business) opt-out of AI training was found on the privacy policy; users control training exposure primarily by keeping content set to Private rather than Public/reusable. Flagged for follow-up since a Business-tier-specific training opt-out is common among competitors and was not confirmed present or absent here.

    // Security controls

    Encryption in transit

    TLS encryption between Prezi client and server using 2048-bit RSA public keys with SHA256+RSA signature algorithm, terminated at load balancers with automatic certificate issuance.

    prezi.com

    Encryption at rest

    Critical customer data (Prezi XMLs and media assets) created after February 2018 is encrypted server-side with AES-256; encryption keys are managed by the cloud infrastructure provider.

    prezi.com

    Monitoring / SIEM

    A SIEM solution collects, processes, and correlates logs from cloud infrastructure, nodes, and applications; a security team operates as a security operations center for internal/external threat monitoring.

    prezi.com

    Cloud infrastructure compliance (host, not Prezi)

    Prezi's third-party cloud provider is described as compliant with GDPR, HIPAA, GLBA, HITECH and holding SOC, PCI, FedRAMP, and ISO certifications at the hosting layer.

    prezi.com

    Data sale

    "We will not sell Your Personal Data and have not sold any Personal Data in the preceding 12 months."

    prezi.com

    // Products & data scope

    Prezi AIAI presentation generator

    data: User prompts, uploaded files (PDF/PPT/DOC), and generated presentation content; Public content marked reusable may be used for AI training per privacy policy.

    Prezi Present / Prezi Business (Teams)Presentation software, team collaboration

    data: Team presentations, brand assets, sharing/collaboration permissions.

    SOC 2 Type II report is available specifically to Prezi Business subscribers under NDA, per the security page - a tier-gated compliance artifact worth noting for listing.

    InfogramData visualization / infographics (separate acquired product)

    data: Not assessed in this evidence pull; has its own privacy policy page referenced alongside Prezi's.

    Same corporate parent (Prezi, Inc.) but a distinct product surface; out of scope for this assessment beyond noting its existence.

    // What to watch

    • No dedicated trust center (no trust.prezi.com or Vanta/Drata/SafeBase portal found) - compliance info lives on a marketing-style /security/ page and support articles rather than a formal trust center.
    • SOC 2 Type II report is not public; it is disclosed only to Prezi Business subscribers under NDA, so AIFOXX cannot independently verify report scope/date - list as 'vendor-attested, not independently verifiable'.
    • Host-vs-vendor ambiguity: Prezi's security page attributes GDPR/HIPAA/PCI/FedRAMP/ISO compliance to its cloud infrastructure provider, not to Prezi itself. Graded all of those as held=false for Prezi to avoid conflating host certs with vendor certs.
    • AI training on 'Public/reusable' user content is confirmed in the privacy policy; could not confirm whether a Business/Enterprise tier offers a contractual no-training guarantee (only 'keep content Private' is documented) - recommend advisor follow-up before making a training-posture claim in the listing.

    // At a glance

    Pricing model

    Freemium / subscription tiers (Individual, Pro, Business/Teams); SOC 2 report access is gated to Business subscribers under NDA.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Prezi, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    prezi.com

    > Browse all vendor trust reports