// Trust & Security Report
Resemble AI
Generative AI voice + deepfake detection platform (Generate / Verify / Detect)
Certifications held
2
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.resemble.ai“Resemble AI is fully GDPR compliant, with clear data processing practices and privacy-by-design principles built into our platform.”
Verify on trust.resemble.ai“Resemble AI is HIPAA compliant, maintaining the safeguards required to handle protected health information responsibly.”
> Show 2 unconfirmed / not-held certifications
source: trust.resemble.aiResemble AI is currently in our SOC 2 Type 2 observation period. Our full audit report is expected to be available in August 2026.
source: trust.resemble.aiWe are actively undergoing ISO 27001 certification and expect to be certified by the end of July 2026.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
United States (Services hosted and operated on U.S. servers per privacy policy)
Resemble's Ethics page commits to user ownership of voice data 'without using it to train other models or selling it to third parties,' and requires explicit consent before voice cloning. The privacy policy itself does not restate the no-training pledge, so the strongest no-train assurance lives on the Ethics/commitments page and the customer terms rather than the core privacy policy.
// Security controls
Third-party penetration testing
Annual: a 3rd party is engaged to conduct a network and application penetration test of the production environment at least annually
trust.resemble.aiEncryption in transit
Service data transmitted over the internet is encrypted-in-transit
trust.resemble.aiContinuous monitoring
Continuously monitored by Secureframe; documented controls across change management, availability, vulnerability management, incident response, network/access/physical security
trust.resemble.aiDeployment options
On-prem or in the cloud; watermarking applied 'before it leaves your infrastructure' (supports air-gapped / self-hosted enterprise deployment)
resemble.aiKey subprocessors
Anthropic (internal tooling), Cerebrium (GPU inference), Cloudflare, GitHub, Apollo, Calendly, Figma, Fireflies, Gleap; full list + documents available via trust center request
trust.resemble.ai// Products & data scope
data: Customer-supplied audio and voice data used to synthesize/clone voices; watermarked at creation. Requires consent of the individual whose voice is cloned. Voice data not used to train other models or sold.
Core legacy product line; open Chatterbox model family. Voice cloning gated by a verbal consent system.
data: Audio, image, and video files watermarked with a persistent invisible marker that travels with the file; can run on-prem before content leaves customer infrastructure.
Marketed as EU AI Act compliant watermarking.
data: Customer-submitted audio, image, and video analyzed for deepfake/synthetic-media signals; benchmarked against 160+ generative models.
Used for fraud/KYC, executive-impersonation, and media-integrity use cases across finance, telco, media, healthtech, public sector.
// What to watch
- SOC 2 Type 2 and ISO 27001 are both in progress, not yet issued (target Aug 2026 and Jul 2026 respectively) - display as 'in progress', not 'certified'.
- HIPAA and GDPR are vendor self-attestations on the trust center; HIPAA has no third-party certificate by nature.
- No public bug bounty program found; security testing relies on annual third-party pen test.
- No-training pledge is strongest on the Ethics page and terms rather than the core privacy policy.
// At a glance
Pricing model
Freemium + usage/subscription (Start free, self-serve tiers) with enterprise/contact-sales and API/SDK plans
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Resemble AI's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.resemble.ai