// Trust & Security Report
Repurpose.io
Automated content repurposing and cross-platform distribution SaaS for creators, small businesses, e-commerce brands, and agencies. Single product line (Starter / Pro / Agency pricing tiers) that resizes, removes watermarks from, schedules, and publishes video/image/Stories content across TikTok, Instagram, Facebook, YouTube, Snapchat and other social platforms.
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 8 unconfirmed / not-held certifications
source: repurpose.ioNo public evidence of SOC 2 certification found on the vendor's site (home page, Privacy Policy, or Terms of Service); no trust center exists.
source: repurpose.ioNo public evidence of ISO 27001 certification found on the vendor's site; no trust center exists.
source: repurpose.ioThe Privacy Policy does not mention GDPR, EU data subject rights, or an EU legal basis for processing anywhere in the document. The Terms of Service reference compliance with Canadian privacy law (PIPEDA) but not GDPR.
source: repurpose.ioNo mention of HIPAA, Business Associate Agreements, or healthcare data handling anywhere on the vendor's site. Product is a consumer/creator social-media tool, not built for regulated health data.
source: support.repurpose.ioNo public evidence of PCI DSS certification. Support content indicates payment card data is handled by Stripe as payment processor rather than stored by Repurpose.io directly, which is a common and reasonable startup pattern but is not itself a PCI DSS certification held by the vendor.
source: repurpose.ioNo public evidence of an AI governance certification on the vendor's domain.
source: repurpose.ioNo public evidence of CSA STAR or CSA STAR AI registration on the vendor's domain.
source: repurpose.ioNo public evidence of FedRAMP authorization; product is not marketed to US federal agencies.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not specified on the vendor's site; no data residency or regional hosting options are documented.
Terms of Service state: 'Repurpose will not use your content for purposes such as AI training unless you explicitly opt in through a separate consent process.' There is a separate, opt-in-only 'AI Content Licensing Program': 'Opt-In Required. To participate, Users must affirmatively opt in through a clearly presented mechanism,' and by opting in a user 'grant[s] Repurpose.io and its third-party partners a perpetual, irrevocable, worldwide, royalty-free license to use, reproduce, modify, distribute, publicly display, perform, and create derivative works of Your User Content for purposes of training artificial intelligence models and for any related lawful commercial purposes.' Default posture (no opt-in) is no AI training on customer content; the opt-in license, if taken, is very broad (perpetual, irrevocable) and worth flagging to prospective users.
// Security controls
Encryption in transit
SSL encryption used to protect information transmitted through the site ('We use SSL encryption to protect sensitive information online').
repurpose.ioCredential storage
Connected third-party platform credentials are stored encrypted in the database ('We store credentials encrypted in our database').
repurpose.ioAccount authentication
Users connect social accounts via official platform OAuth flows ('Connect with TikTok', 'Connect with YouTube') rather than sharing passwords directly with Repurpose.io; minimum 12-character password policy and forced logout of all sessions on password change, per vendor help center.
support.repurpose.ioPayment data handling
No credit card data stored on Repurpose.io servers; Stripe is used as the payment processor.
support.repurpose.ioVulnerability disclosure
Security issues can be reported to support@repurpose.io for priority handling; no formal bug bounty or published disclosure policy found.
repurpose.ioData retention
Personal information is retained 'for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.'
repurpose.io// Products & data scope
data: Uploaded/synced videos, images, Stories, and captions; connected social account OAuth tokens (TikTok, Instagram, Facebook, YouTube, Snapchat, etc.); basic account/contact PII (name, email, phone, address) for billing and support.
Single-tier product family differentiated only by number of connected social accounts and publish volume, not by security/compliance posture. No enterprise, API-only, or self-hosted tier found.
// What to watch
- No trust center, no SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR-specific, or AI-governance certification could be found anywhere on the vendor's domain despite multiple targeted searches (site + help center) — this is consistent with a growth-stage consumer/SMB tool rather than an over-claim, but AIFOXX should show no compliance badges for this vendor.
- Privacy Policy does not reference GDPR or EU data subject rights at all, and does not mention a Data Processing Agreement (DPA) — GDPR posture should be listed as unconfirmed/not addressed, not assumed compliant, even though the vendor likely has EU users.
- The opt-in 'AI Content Licensing Program' grants a perpetual, irrevocable, worldwide license to use content for AI model training once a user opts in — default behavior is no training, but this should be surfaced clearly since the license terms are broad and the trigger is a UI opt-in that users could click without reading closely.
// At a glance
Pricing model
Flat-rate subscription tiers (Starter $35/mo, Pro $79/mo, Agency $179/mo, billed monthly or yearly) based on number of connected accounts per platform; 14-day free trial.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Repurpose.io's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
repurpose.io