// Trust & Security Report
Prezi, Inc.
Prezi is an AI-assisted presentation platform. Core products: Prezi AI (prompt-to-deck generator, the surface captured in evidence), Prezi Present (classic zooming-canvas presentations), Prezi Video, and Prezi Design, sold as Individual/Pro and Team/Business tiers. Prezi, Inc. also owns Infogram, a separate infographic/data-visualization product with its own privacy policy addendum, not assessed here.
Certifications held
2
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on prezi.com“We've successfully undergone an independent, external, third-party audit and obtained a SOC 2 Type 2 report on Security for Prezi ... The report is available upon request to Prezi Business subscribers who sign a non-disclosure agreement.”
Verify on prezi.com“Prezi complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)... To comply with the General Data Protection Regulation (defined below), the Parties are required to enter into this DPA.”
> Show 6 unconfirmed / not-held certifications
source: prezi.comNo public evidence: ISO 27001 is not mentioned on Prezi's security page, privacy policy, or any other vendor-domain page found. Only Prezi's underlying cloud infrastructure provider is described as holding 'industry-recognized certifications (SOC, PCI, FedRAMP, ISO and more)' - that is the host's certification, not Prezi's own.
source: prezi.comPrezi's security page states its cloud infrastructure provider is 'compliant with numerous regulations and privacy standards (EU General Data Protection Regulation, HIPAA, GLBA, HITECH)' - this describes the hosting provider's compliance, not a Prezi-issued HIPAA attestation or BAA offering. No public evidence Prezi itself offers a Business Associate Agreement.
source: prezi.comNo public evidence of a Prezi-held PCI DSS attestation. Only the cloud infrastructure provider is described as holding a PCI certification (host-level, not Prezi's own payment handling).
source: prezi.comNo public evidence. Not mentioned on any Prezi vendor-domain page found.
source: prezi.comNo public evidence. Not mentioned on any Prezi vendor-domain page found.
source: prezi.comNot applicable / no public evidence for Prezi itself; only its cloud infrastructure provider is described as FedRAMP-certified at the hosting layer.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
Not specified on vendor pages found; Prezi participates in the EU-U.S., UK, and Swiss-U.S. Data Privacy Frameworks and offers a GDPR-oriented Data Processing Agreement with EU Standard Contractual Clauses, implying cross-border (US-hosted, EU-accessible) data transfer rather than strict EU-only residency.
Prezi's privacy policy distinguishes Public vs Private User Content. Public Content marked 'reusable' may be shared with AI third-party partners to train their models: 'we may share this content (excluding your username) with our AI third-party partners who may use this content for their own commercial purposes, including ... to train and improve their AI algorithms and models.' Separately, Prezi states a broader right to use Public User Content to train its own Prezi AI: 'Prezi has the right to use your Public User Content (excluding your username) to train our algorithms, models, and AI products and services, to develop, improve and provide our Services, including Prezi AI.' Private content is described as user-controlled via privacy settings, and Prezi also states it 'may analyze your Public User Content (including any Personal Data you choose to include therein) and related data to train our algorithms, models and AI products and services.' No explicit per-tier (free vs Business) opt-out of AI training was found on the privacy policy; users control training exposure primarily by keeping content set to Private rather than Public/reusable. Flagged for follow-up since a Business-tier-specific training opt-out is common among competitors and was not confirmed present or absent here.
// Security controls
Encryption in transit
TLS encryption between Prezi client and server using 2048-bit RSA public keys with SHA256+RSA signature algorithm, terminated at load balancers with automatic certificate issuance.
prezi.comEncryption at rest
Critical customer data (Prezi XMLs and media assets) created after February 2018 is encrypted server-side with AES-256; encryption keys are managed by the cloud infrastructure provider.
prezi.comMonitoring / SIEM
A SIEM solution collects, processes, and correlates logs from cloud infrastructure, nodes, and applications; a security team operates as a security operations center for internal/external threat monitoring.
prezi.comCloud infrastructure compliance (host, not Prezi)
Prezi's third-party cloud provider is described as compliant with GDPR, HIPAA, GLBA, HITECH and holding SOC, PCI, FedRAMP, and ISO certifications at the hosting layer.
prezi.comData sale
"We will not sell Your Personal Data and have not sold any Personal Data in the preceding 12 months."
prezi.com// Products & data scope
data: User prompts, uploaded files (PDF/PPT/DOC), and generated presentation content; Public content marked reusable may be used for AI training per privacy policy.
data: Team presentations, brand assets, sharing/collaboration permissions.
SOC 2 Type II report is available specifically to Prezi Business subscribers under NDA, per the security page - a tier-gated compliance artifact worth noting for listing.
data: Not assessed in this evidence pull; has its own privacy policy page referenced alongside Prezi's.
Same corporate parent (Prezi, Inc.) but a distinct product surface; out of scope for this assessment beyond noting its existence.
// What to watch
- No dedicated trust center (no trust.prezi.com or Vanta/Drata/SafeBase portal found) - compliance info lives on a marketing-style /security/ page and support articles rather than a formal trust center.
- SOC 2 Type II report is not public; it is disclosed only to Prezi Business subscribers under NDA, so AIFOXX cannot independently verify report scope/date - list as 'vendor-attested, not independently verifiable'.
- Host-vs-vendor ambiguity: Prezi's security page attributes GDPR/HIPAA/PCI/FedRAMP/ISO compliance to its cloud infrastructure provider, not to Prezi itself. Graded all of those as held=false for Prezi to avoid conflating host certs with vendor certs.
- AI training on 'Public/reusable' user content is confirmed in the privacy policy; could not confirm whether a Business/Enterprise tier offers a contractual no-training guarantee (only 'keep content Private' is documented) - recommend advisor follow-up before making a training-posture claim in the listing.
// At a glance
Pricing model
Freemium / subscription tiers (Individual, Pro, Business/Teams); SOC 2 report access is gated to Business subscribers under NDA.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Prezi, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
prezi.com