// Trust & Security Report
Brask Inc.
Rask AI: AI-powered video and audio localization and dubbing platform supporting 130+ languages. Sub-products include VoiceClone (voice cloning), Rask API (for programmatic access), and various free tools (subtitle generator, transcription, etc.)
Certifications held
3
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on rask.ai“SOC 2 Type II Certified - Trusted by teams with strictest security requirements. SOC 2 Type II compliant and ready for enterprise review.”
Verify on rask.ai“GDPR compliant. Rask AI operates with a closed AI environment where customer content is never used for general model training, with strict data controls and isolation policies in place.”
Verify on rask.ai“Rask AI is an officially certified member of C2PA and Content Authenticity Initiative, demonstrating our commitment to media transparency.”
> Show 2 unconfirmed / not-held certifications
source: rask.aiNo public evidence found on vendor domain. ISO 27001 not mentioned in compliance pages, privacy policy, or terms of service. SOC 2 Type II is their primary information security certification.
source: rask.aiNo public evidence found. Despite healthcare being listed as a use case on the enterprise page, there is no mention of HIPAA certification, BAA, or healthcare-specific compliance controls.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
United States (AWS infrastructure with multi-region replication for disaster recovery)
Rask AI operates a closed AI environment where customer content is never used for general model training. This is stated on the enterprise page and data protection policy. However, no explicit opt-out mechanism or granular control is mentioned in publicly available documentation.
// Security controls
Encryption at rest
AES-256 (Advanced Encryption Standard with 256-bit key) for all databases, data stores, and file systems using Brask-managed keys
rask.aiKey management
Automated key management with rotation at least every 12 months; access controls for designated users; secure backup and storage
rask.aiData separation
Customer data logically separated at database/datastore level using unique customer identifiers; API layer enforces separation via client authentication
rask.aiAccess controls
Employee production access disabled by default; requires approval; temporary access reviewed case-by-case by security team; API authentication required
rask.aiMonitoring and logging
All access to production systems logged; Amazon CloudWatch monitoring for cloud services; activity and file integrity monitoring; vulnerability scanning; malware detection
rask.aiInfrastructure
AWS infrastructure with data replicated across multiple regions for redundancy and disaster recovery
rask.aiData retention
Customer data retained for duration of active account; deleted project media retained for up to 30 days; within 30 days of account termination, all customer data deleted
rask.ai// Products & data scope
data: Customer video/audio content; personal data for account management
Web-based SaaS platform supporting 130+ languages. Includes VoiceClone feature for voice cloning in 32 languages. Closed AI environment (no customer content used for general model training).
data: Same as core platform, accessed via API
Allows automated video/audio translation and dubbing at scale. SOC 2 Type II and GDPR-compliant.
// What to watch
- ISO 27001 not held: Despite enterprise positioning, Rask AI does not appear to hold ISO 27001. This is notable for organizations requiring both SOC 2 and ISO 27001 compliance.
- HIPAA not addressed: Healthcare is listed as a use case on the enterprise page, but no HIPAA certification or BAA is mentioned. Organizations handling health-related content should verify HIPAA eligibility directly with vendor.
- DPA not explicitly mentioned: Terms of Service and Privacy Policy do not reference a formal Data Processing Agreement (DPA). GDPR compliance requires a DPA with customers; this may be available upon request for enterprise customers but is not publicly documented.
- AI training policy clarity gap: While Rask states a closed AI environment with no customer data used for general model training, there is no explicit mention of an opt-out mechanism, granular controls, or specific restrictions on data use for vendor-controlled improvements.
- Vanta trust center partially verified: Trust center URL provided (app.vanta.com/brask.ai/trust/fedkyiux0hug8sdsinpnwu) but detailed cert info could not be fully accessed. Recommend direct vendor contact or visiting Vanta portal for real-time verification.
- Recent company (founded 2023): Rask AI was founded in 2023 by Maria Chmir and is backed by Brask Inc. While SOC 2 Type II suggests mature security practices, the company is still in growth phase. No evidence of outside funding found in public sources.
// At a glance
Pricing model
Subscription-based (monthly and annual tiers, with free trial available; Creator and Creator Pro plans mentioned)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Brask Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
app.vanta.com