// Trust & Security Report

    Brask Inc. logo

    Brask Inc.

    Rask AI: AI-powered video and audio localization and dubbing platform supporting 130+ languages. Sub-products include VoiceClone (voice cloning), Rask API (for programmatic access), and various free tools (subtitle generator, transcription, etc.)

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    SOC 2 Type II Certified - Trusted by teams with strictest security requirements. SOC 2 Type II compliant and ready for enterprise review.

    Verify on rask.ai
    GDPR
    HELD

    GDPR compliant. Rask AI operates with a closed AI environment where customer content is never used for general model training, with strict data controls and isolation policies in place.

    Verify on rask.ai
    C2PA/Content Authenticity Initiative
    HELD

    Rask AI is an officially certified member of C2PA and Content Authenticity Initiative, demonstrating our commitment to media transparency.

    Verify on rask.ai
    > Show 2 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence found on vendor domain. ISO 27001 not mentioned in compliance pages, privacy policy, or terms of service. SOC 2 Type II is their primary information security certification.

    source: rask.ai
    HIPAA
    NOT CONFIRMED

    No public evidence found. Despite healthcare being listed as a use case on the enterprise page, there is no mention of HIPAA certification, BAA, or healthcare-specific compliance controls.

    source: rask.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    United States (AWS infrastructure with multi-region replication for disaster recovery)

    Rask AI operates a closed AI environment where customer content is never used for general model training. This is stated on the enterprise page and data protection policy. However, no explicit opt-out mechanism or granular control is mentioned in publicly available documentation.

    // Security controls

    Encryption in transit

    TLS 1.2 with AES-256 encryption (256-bit key) for HTTPS communications

    rask.ai

    Encryption at rest

    AES-256 (Advanced Encryption Standard with 256-bit key) for all databases, data stores, and file systems using Brask-managed keys

    rask.ai

    Key management

    Automated key management with rotation at least every 12 months; access controls for designated users; secure backup and storage

    rask.ai

    Data separation

    Customer data logically separated at database/datastore level using unique customer identifiers; API layer enforces separation via client authentication

    rask.ai

    Access controls

    Employee production access disabled by default; requires approval; temporary access reviewed case-by-case by security team; API authentication required

    rask.ai

    Monitoring and logging

    All access to production systems logged; Amazon CloudWatch monitoring for cloud services; activity and file integrity monitoring; vulnerability scanning; malware detection

    rask.ai

    Infrastructure

    AWS infrastructure with data replicated across multiple regions for redundancy and disaster recovery

    rask.ai

    Data retention

    Customer data retained for duration of active account; deleted project media retained for up to 30 days; within 30 days of account termination, all customer data deleted

    rask.ai

    // Products & data scope

    Rask AI Core PlatformVideo/Audio Localization & Dubbing

    data: Customer video/audio content; personal data for account management

    Web-based SaaS platform supporting 130+ languages. Includes VoiceClone feature for voice cloning in 32 languages. Closed AI environment (no customer content used for general model training).

    Rask APIProgrammatic Interface

    data: Same as core platform, accessed via API

    Allows automated video/audio translation and dubbing at scale. SOC 2 Type II and GDPR-compliant.

    // What to watch

    • ISO 27001 not held: Despite enterprise positioning, Rask AI does not appear to hold ISO 27001. This is notable for organizations requiring both SOC 2 and ISO 27001 compliance.
    • HIPAA not addressed: Healthcare is listed as a use case on the enterprise page, but no HIPAA certification or BAA is mentioned. Organizations handling health-related content should verify HIPAA eligibility directly with vendor.
    • DPA not explicitly mentioned: Terms of Service and Privacy Policy do not reference a formal Data Processing Agreement (DPA). GDPR compliance requires a DPA with customers; this may be available upon request for enterprise customers but is not publicly documented.
    • AI training policy clarity gap: While Rask states a closed AI environment with no customer data used for general model training, there is no explicit mention of an opt-out mechanism, granular controls, or specific restrictions on data use for vendor-controlled improvements.
    • Vanta trust center partially verified: Trust center URL provided (app.vanta.com/brask.ai/trust/fedkyiux0hug8sdsinpnwu) but detailed cert info could not be fully accessed. Recommend direct vendor contact or visiting Vanta portal for real-time verification.
    • Recent company (founded 2023): Rask AI was founded in 2023 by Maria Chmir and is backed by Brask Inc. While SOC 2 Type II suggests mature security practices, the company is still in growth phase. No evidence of outside funding found in public sources.

    // At a glance

    Pricing model

    Subscription-based (monthly and annual tiers, with free trial available; Creator and Creator Pro plans mentioned)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Brask Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    app.vanta.com

    > Browse all vendor trust reports