// Trust & Security Report
Affogato AI, Inc. (formerly RenderNet)
AI image and video generation studio: 170+ third-party image/video models (Sora 2 Pro, Veo 3.1, Kling, Nano Banana Pro, FLUX.2, etc.) in one workspace, with character-consistency ('FaceLock'), face swap, upscaling, and lipsync tools; the same company also ships an Affogato short-form ad/UGC video agent product for TikTok, Reels and Shorts.
Certifications held
1
Maturity
Startup
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on affogato.ai“"The policy references GDPR as applicable law and outlines legal bases for processing (contract performance, legitimate interests, consent). Users have standard GDPR rights including access, correction, deletion, and objection."”
> Show 8 unconfirmed / not-held certifications
source: affogato.aiNo public evidence. No SOC 2 report, badge, or mention found on affogato.ai, its privacy policy, terms of service, or docs.rendernet.ai; no trust center exists.
source: affogato.aiNo public evidence. Not referenced anywhere on the vendor's own domain.
source: affogato.aiNo public evidence. No BAA, HIPAA, or healthcare-compliance language found on the site; the product is a creative/marketing tool, not positioned for regulated health data.
source: affogato.aiNo public evidence. Payments are handled via Stripe (a PCI DSS Level 1 provider) per the subprocessor list, but Affogato itself makes no PCI DSS claim.
source: affogato.aiNo public evidence found on the vendor's own domain.
source: affogato.aiNo public evidence. No AI-governance certification referenced anywhere on affogato.ai.
source: affogato.aiNo public evidence found on the vendor's own domain.
source: affogato.aiNo public evidence; not applicable to this consumer/SMB-facing creative tool.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Hosted on Google Cloud Platform; policy states data "may be processed internationally, including the US, with standard contractual clauses as safeguards" for international transfers.
Privacy policy states: "We do not use the private content you generate to train foundational models without your explicit opt-in." It separately notes that content published to public galleries may be used for service demonstrations. No standalone DPA document or DPA request flow was found on the site; enterprise customers would need to request one directly.
// Security controls
Encryption in transit and at rest
"We use encryption in transit and at rest, access controls, and regular reviews to protect your data." No third-party audit or certification backs this claim.
affogato.aiBreach notification
Policy commits to breach notification "as legally required"; no specific SLA disclosed.
affogato.aiSubprocessors
Disclosed subprocessors: Google Cloud, Firebase, Stripe, Fal.ai, Anthropic, PostHog, Amplitude, Sentry, HubSpot.
affogato.aiTrust center / independent audit page
None found. No SafeBase, Vanta, Drata, or Trust portal detected for this vendor.
affogato.ai// Products & data scope
data: User-uploaded reference images, prompts, generated images/video, character/identity data used for face-lock/consistency features.
Core rebranded product; aggregates 170+ third-party model providers (OpenAI, Google, ByteDance, Kling, etc.), meaning generated content may pass through multiple upstream model vendors, each with their own data-handling terms not detailed on Affogato's own site.
data: Product/brand assets, scripts, likeness data for AI presenter/UGC-style videos, for TikTok/Reels/Shorts ad creation.
Launched via Y Combinator (S21 batch reference in YC listings); same legal entity and privacy/terms documents as the core studio product.
// What to watch
- Identity note (not a conflation risk once verified): the evidence file's URL/name (affogato.ai / 'Affogato AI') differs from the slug 'rendernet-ai' because the vendor rebranded from RenderNet to Affogato in 2026; rendernet.ai now redirects to affogato.ai and docs.rendernet.ai still hosts the API reference labeled 'Affogato (prev. RenderNet)'. Confirmed via multiple independent sources (Toolify, G2, YC, docs subdomain) before grading.
- No SOC 2, ISO 27001, HIPAA, or any independent third-party certification found anywhere on the vendor's own domain; this is a small (~15-employee) YC-backed startup with only a privacy policy and terms, which is normal for this stage and should not be penalized, but also should not be listed with implied enterprise-grade compliance.
- No dedicated trust center or DPA self-serve flow found; enterprise buyers needing a signed DPA or security questionnaire responses will need to contact the vendor directly.
- Security claims (encryption in transit/at rest, access controls) are self-reported in the privacy policy with no independent audit backing them.
- Product routes user content through 170+ third-party AI models (OpenAI, Google, ByteDance, etc.); the vendor's own privacy policy does not itemize per-model data flow or retention terms for these upstream providers.
// At a glance
Pricing model
Subscription / credit-based SaaS.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Affogato AI, Inc. (formerly RenderNet)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
affogato.ai