// Trust & Security Report

    Resemble AI logo

    Resemble AI

    Generative AI voice + deepfake detection platform (Generate / Verify / Detect)

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    Resemble AI is fully GDPR compliant, with clear data processing practices and privacy-by-design principles built into our platform.

    Verify on trust.resemble.ai
    HIPAA
    HELD

    Resemble AI is HIPAA compliant, maintaining the safeguards required to handle protected health information responsibly.

    Verify on trust.resemble.ai
    > Show 2 unconfirmed / not-held certifications
    SOC 2 Type 2
    NOT CONFIRMED

    Resemble AI is currently in our SOC 2 Type 2 observation period. Our full audit report is expected to be available in August 2026.

    source: trust.resemble.ai
    ISO 27001
    NOT CONFIRMED

    We are actively undergoing ISO 27001 certification and expect to be certified by the end of July 2026.

    source: trust.resemble.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    United States (Services hosted and operated on U.S. servers per privacy policy)

    Resemble's Ethics page commits to user ownership of voice data 'without using it to train other models or selling it to third parties,' and requires explicit consent before voice cloning. The privacy policy itself does not restate the no-training pledge, so the strongest no-train assurance lives on the Ethics/commitments page and the customer terms rather than the core privacy policy.

    // Security controls

    Third-party penetration testing

    Annual: a 3rd party is engaged to conduct a network and application penetration test of the production environment at least annually

    trust.resemble.ai

    Bug bounty program

    None found / not advertised

    trust.resemble.ai

    Encryption at rest

    Service data is encrypted-at-rest

    trust.resemble.ai

    Encryption in transit

    Service data transmitted over the internet is encrypted-in-transit

    trust.resemble.ai

    Continuous monitoring

    Continuously monitored by Secureframe; documented controls across change management, availability, vulnerability management, incident response, network/access/physical security

    trust.resemble.ai

    Deployment options

    On-prem or in the cloud; watermarking applied 'before it leaves your infrastructure' (supports air-gapped / self-hosted enterprise deployment)

    resemble.ai

    Key subprocessors

    Anthropic (internal tooling), Cerebrium (GPU inference), Cloudflare, GitHub, Apollo, Calendly, Figma, Fireflies, Gleap; full list + documents available via trust center request

    trust.resemble.ai

    // Products & data scope

    Generate (Resemble TTS, Voice Creation, Audio, STS, Chatterbox models)Generative voice / TTS / voice cloning

    data: Customer-supplied audio and voice data used to synthesize/clone voices; watermarked at creation. Requires consent of the individual whose voice is cloned. Voice data not used to train other models or sold.

    Core legacy product line; open Chatterbox model family. Voice cloning gated by a verbal consent system.

    Verify (Resemble Identity, Watermarker, PerTh)Provenance / invisible watermarking

    data: Audio, image, and video files watermarked with a persistent invisible marker that travels with the file; can run on-prem before content leaves customer infrastructure.

    Marketed as EU AI Act compliant watermarking.

    Detect (Resemble Detect, DETECT-3B-Omni, Meetings, Intelligence, Chrome extension)Deepfake / synthetic-media detection

    data: Customer-submitted audio, image, and video analyzed for deepfake/synthetic-media signals; benchmarked against 160+ generative models.

    Used for fraud/KYC, executive-impersonation, and media-integrity use cases across finance, telco, media, healthtech, public sector.

    // What to watch

    • SOC 2 Type 2 and ISO 27001 are both in progress, not yet issued (target Aug 2026 and Jul 2026 respectively) - display as 'in progress', not 'certified'.
    • HIPAA and GDPR are vendor self-attestations on the trust center; HIPAA has no third-party certificate by nature.
    • No public bug bounty program found; security testing relies on annual third-party pen test.
    • No-training pledge is strongest on the Ethics page and terms rather than the core privacy policy.

    // At a glance

    Pricing model

    Freemium + usage/subscription (Start free, self-serve tiers) with enterprise/contact-sales and API/SDK plans

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Resemble AI's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.resemble.ai

    > Browse all vendor trust reports