// Trust & Security Report
Regie.ai, Inc.
AI sales engagement platform (RegieOne) unifying AI-driven prospecting agents, an AI dialer, email/social sequencing, enrichment, and signal-based orchestration for B2B go-to-market teams.
Certifications held
2
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on regie.ai“"The platform complies with several industry-recognized security standards, including SOC 2 and AppExchange security certifications." A SOC 2 badge also appears in the site footer on the Privacy Policy, Terms and Conditions, and Why Regie pages. The report type (Type 1 vs Type 2) and the Trust Services Criteria covered are not stated anywhere on the vendor's own site.”
Verify on regie.ai“"Regie.ai operates as a data processor, while its customers act as data controllers... Regie.ai maintains detailed records of processing activities to support its customers in their compliance efforts... Regie.ai maintains a fixed and transparent list of sub-processors involved in data processing activities [and] the list is available upon request." This is a compliance posture/program, not a third-party GDPR "certification" (no such formal certification scheme exists under GDPR itself).”
> Show 6 unconfirmed / not-held certifications
source: regie.aiNo mention of ISO 27001 anywhere on Regie.ai's own site (gdpr page, privacy policy, terms, why-regie, homepage). A third-party listicle-style site (Nudge Security's auto-generated "security profile") claims Regie.ai is "ISO 27001 Compliant" with no methodology or sourcing disclosed and no link to vendor-domain evidence; this does not meet the vendor-domain-proof bar and is treated as unverified.
source: regie.aiNo HIPAA mention on any Regie.ai-owned page. Only third-party claim (unsourced Nudge Security profile) asserts "HIPAA Compliant" - not corroborated on the vendor's own domain, so graded not held.
source: regie.aiNo PCI DSS mention on Regie.ai's own site. Regie.ai is a B2B sales engagement tool with no evident payment-card processing surface; only an unsourced third-party profile claims "PCI Compliant" with no vendor-domain corroboration.
source: regie.aiNo FedRAMP mention on Regie.ai's own site and no listing in the FedRAMP Marketplace found. Only an unsourced third-party profile claims "FedRamp Compliant"; not corroborated on the vendor's own domain.
source: regie.aiNo CSA STAR mention on Regie.ai's own site, and Regie.ai does not appear in the CSA STAR Registry search. Only an unsourced third-party profile claims "CSA Star Level 1 Compliant"; not corroborated on the vendor's own domain.
source: regie.aiNo public evidence. Not mentioned on any Regie.ai-owned page or in any credible third-party source found.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
not disclosed - no data center location, region, or residency commitment found on any Regie.ai-owned page
Privacy Policy explicitly states: "Regie.ai does not use any data, including data obtained through Google Workspace APIs, to train generalized AI or machine learning models" and "does not retain user data obtained through Workspace APIs for developing, improving, or training generalized AI or ML models." However, this no-training commitment is worded specifically around Google Workspace API data; the Terms and Conditions separately reserve a broader right for Regie.ai to "use such information and data to improve and enhance the Services" when in "aggregate or other de-identified forms," which is a different (and looser) standard than a blanket no-training promise across all customer data. Net: opt-out/scope details for non-Workspace customer data are not confirmed, hence null overall with a flag.
// Security controls
Encryption in transit and at rest
"Your data is encrypted both in transit and at rest using industry-standard encryption protocols."
regie.aiAccess control
"Only authorized personnel with a legitimate business need have access to your data, protected by role-based permissions."
regie.aiMFA for internal accounts
"Multi-Factor Authentication (MFA): Required for internal administrative accounts."
regie.aiMonitoring & incident response
"Our systems are monitored 24/7 for threats, and we have an incident response plan."
regie.aiBreach notification
GDPR page states processor-to-controller breach notification within 30 days; privacy policy states affected users are notified "within the legally required timeframe."
regie.aiData subject rights contact
"Data subjects can request to access, change, or delete their data by contacting ciso@regie.ai."
regie.ai// Products & data scope
data: CRM contact/account data, prospect enrichment data, email/call/social engagement data
Unifies AI agent and human rep task orchestration in one workflow; no separate security posture published versus the base platform.
data: Prospect/contact records, intent and behavioral signal data, generated message content
Feature set within RegieOne; no distinct compliance documentation found.
data: Call recordings/metadata, lead prioritization signals
Customer testimonial references call volume increases; no dedicated security/compliance page found for call recording handling, retention, or consent capture.
// What to watch
- No trust center: Regie.ai has no dedicated /trust or /security page (regie.ai/security returns 404) and no Vanta/Drata/SecurityScorecard-style trust portal. All compliance claims are scattered across the /gdpr page, privacy policy, and footer badges.
- SOC 2 claim lacks specificity: vendor never states Type 1 vs Type 2, audit date, or which Trust Services Criteria are covered - just a badge and a general sentence.
- Over-claim risk from third-party aggregator: a Nudge Security "security profile" page (non-vendor domain, no disclosed methodology) lists Regie.ai as compliant with SOC 2, PCI, HIPAA, GDPR, ISO 27001, FedRAMP, and CSA STAR simultaneously - a pattern typical of auto-generated/templated vendor profiles rather than verified findings. Only SOC 2 and a GDPR posture are corroborated on Regie.ai's own domain; the rest (ISO 27001, HIPAA, PCI DSS, FedRAMP, CSA STAR) were graded held=false because they could not be confirmed on the vendor's own site.
- AI-training scope ambiguity: the privacy policy's no-training promise is explicitly scoped to Google Workspace API data, while the Terms and Conditions separately reserve a right to use de-identified/aggregate customer data to "improve and enhance the Services." It is not confirmed whether this broader clause includes any form of model training/fine-tuning.
- No data residency/region disclosed anywhere on the vendor's site.
- DPA availability not explicitly documented; only a sub-processor list is mentioned as "available upon request," with no direct DPA request path shown.
// At a glance
Pricing model
Demo/quote-based (no public self-serve pricing found; site funnels to "Get a demo")
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Regie.ai, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
regie.ai