// Trust & Security Report

    Repurpose.io logo

    Repurpose.io

    Automated content repurposing and cross-platform distribution SaaS for creators, small businesses, e-commerce brands, and agencies. Single product line (Starter / Pro / Agency pricing tiers) that resizes, removes watermarks from, schedules, and publishes video/image/Stories content across TikTok, Instagram, Facebook, YouTube, Snapchat and other social platforms.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 8 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence of SOC 2 certification found on the vendor's site (home page, Privacy Policy, or Terms of Service); no trust center exists.

    source: repurpose.io
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found on the vendor's site; no trust center exists.

    source: repurpose.io
    GDPR
    NOT CONFIRMED

    The Privacy Policy does not mention GDPR, EU data subject rights, or an EU legal basis for processing anywhere in the document. The Terms of Service reference compliance with Canadian privacy law (PIPEDA) but not GDPR.

    source: repurpose.io
    HIPAA
    NOT CONFIRMED

    No mention of HIPAA, Business Associate Agreements, or healthcare data handling anywhere on the vendor's site. Product is a consumer/creator social-media tool, not built for regulated health data.

    source: repurpose.io
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification. Support content indicates payment card data is handled by Stripe as payment processor rather than stored by Repurpose.io directly, which is a common and reasonable startup pattern but is not itself a PCI DSS certification held by the vendor.

    source: support.repurpose.io
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of an AI governance certification on the vendor's domain.

    source: repurpose.io
    CSA STAR / CSA STAR AI
    NOT CONFIRMED

    No public evidence of CSA STAR or CSA STAR AI registration on the vendor's domain.

    source: repurpose.io
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization; product is not marketed to US federal agencies.

    source: repurpose.io

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not specified on the vendor's site; no data residency or regional hosting options are documented.

    Terms of Service state: 'Repurpose will not use your content for purposes such as AI training unless you explicitly opt in through a separate consent process.' There is a separate, opt-in-only 'AI Content Licensing Program': 'Opt-In Required. To participate, Users must affirmatively opt in through a clearly presented mechanism,' and by opting in a user 'grant[s] Repurpose.io and its third-party partners a perpetual, irrevocable, worldwide, royalty-free license to use, reproduce, modify, distribute, publicly display, perform, and create derivative works of Your User Content for purposes of training artificial intelligence models and for any related lawful commercial purposes.' Default posture (no opt-in) is no AI training on customer content; the opt-in license, if taken, is very broad (perpetual, irrevocable) and worth flagging to prospective users.

    // Security controls

    Encryption in transit

    SSL encryption used to protect information transmitted through the site ('We use SSL encryption to protect sensitive information online').

    repurpose.io

    Credential storage

    Connected third-party platform credentials are stored encrypted in the database ('We store credentials encrypted in our database').

    repurpose.io

    Account authentication

    Users connect social accounts via official platform OAuth flows ('Connect with TikTok', 'Connect with YouTube') rather than sharing passwords directly with Repurpose.io; minimum 12-character password policy and forced logout of all sessions on password change, per vendor help center.

    support.repurpose.io

    Payment data handling

    No credit card data stored on Repurpose.io servers; Stripe is used as the payment processor.

    support.repurpose.io

    Vulnerability disclosure

    Security issues can be reported to support@repurpose.io for priority handling; no formal bug bounty or published disclosure policy found.

    repurpose.io

    Data retention

    Personal information is retained 'for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.'

    repurpose.io

    // Products & data scope

    Repurpose.io (Starter/Pro/Agency)Content repurposing & social media automation

    data: Uploaded/synced videos, images, Stories, and captions; connected social account OAuth tokens (TikTok, Instagram, Facebook, YouTube, Snapchat, etc.); basic account/contact PII (name, email, phone, address) for billing and support.

    Single-tier product family differentiated only by number of connected social accounts and publish volume, not by security/compliance posture. No enterprise, API-only, or self-hosted tier found.

    // What to watch

    • No trust center, no SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR-specific, or AI-governance certification could be found anywhere on the vendor's domain despite multiple targeted searches (site + help center) — this is consistent with a growth-stage consumer/SMB tool rather than an over-claim, but AIFOXX should show no compliance badges for this vendor.
    • Privacy Policy does not reference GDPR or EU data subject rights at all, and does not mention a Data Processing Agreement (DPA) — GDPR posture should be listed as unconfirmed/not addressed, not assumed compliant, even though the vendor likely has EU users.
    • The opt-in 'AI Content Licensing Program' grants a perpetual, irrevocable, worldwide license to use content for AI model training once a user opts in — default behavior is no training, but this should be surfaced clearly since the license terms are broad and the trigger is a UI opt-in that users could click without reading closely.

    // At a glance

    Pricing model

    Flat-rate subscription tiers (Starter $35/mo, Pro $79/mo, Agency $179/mo, billed monthly or yearly) based on number of connected accounts per platform; 14-day free trial.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Repurpose.io's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    repurpose.io

    > Browse all vendor trust reports