// Trust & Security Report
RiversideFM, Inc.
AI-powered platform for recording, editing, and publishing remote audio and video content (podcasts, webinars, interviews, live streams). Core products: Recording Studio, AI Editor, Live Streaming, Podcast Hosting, AI Co-Creator. Heavy AI integration across all features including transcription, auto-clips, captions, audio enhancement, and AI translation.
Certifications held
3
Maturity
Enterprise
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on riverside.com“Riverside blog: 'we've officially received our SOC 2 Type 2 audit stamp of approval.' The report 'certifies to the third-party auditors our ability to maintain the operating effectiveness of our security controls,' based on five trust service criteria: 'security, availability, processing integrity, confidentiality, and privacy.' Article last updated December 26, 2023. The AICPA SOC badge also appears on the vendor privacy policy page.”
Verify on riverside.com“Vendor business/enterprise page states: 'SOC 2 Type II and ISO 27001 compliant. End-to-end encryption on every call and recording. SSO and additional compliance options available.' Note: the privacy policy (originally cited as source) does not mention ISO 27001, and the previously claimed 'May 2022' certification date is not published on any reachable vendor-domain page.”
Verify on riverside.com“Riverside complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (DPF) as set forth by the US Department of Commerce.”
> Show 5 unconfirmed / not-held certifications
source: riverside.comNo public GDPR certification. However, Riverside complies with GDPR through EU-US Data Privacy Framework (EU-US DPF), UK Extension to EU-US DPF, and Swiss-US DPF certifications. DPA (Data Processing Addendum v4 December 2024) available at riverside.com/data-processing-addendum. Privacy Policy states compliance with 'EU GDPR, UK GDPR, Swiss Federal Data Protection Act.'
source: riverside.comNo public evidence of HIPAA certification on Riverside's domain. HIPAA mentioned only in blog posts about other recording tools' compliance, not as Riverside's own certification.
No public evidence on Riverside's domain.
source: riverside.comNo public evidence on Riverside's domain. FedRamp mentioned only in blog posts about other platforms (Webex), not as Riverside's own certification.
No public evidence on Riverside's domain.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
Multi-region: United States, Canada, European Union, United Kingdom, Israel, Mexico, Argentina, Philippines. Riverside operates from Israel (EU Commission and UK Secretary of State recognize Israel as offering adequate data protection).
CONTRADICTION FLAGGED: Privacy Policy states 'Content Data may be used by Riverside for improving the Services, including for training Riverside's Artificial Intelligence (AI) and Machine Learning (ML) models.' However, search results indicate Riverside does NOT use customer content data to train their own models—only metadata. Third-party AI sub-processors (Heygen, Auphonic, Hedra, Pika) are contractually prohibited from using customer data for training. AI features are opt-in; Voice and Face Data are retained only as needed for feature delivery, then permanently destroyed. Business customers may opt-out of some AI post-production tools. The privacy policy language is potentially misleading if actual practice differs from stated policy.
// Security controls
Encryption in Transit
End-to-end encryption on every call and recording for enterprise/business customers
riverside.comSingle Sign-On (SSO)
SSO available with Okta, Microsoft Azure (Entra ID), Google Workspace for enterprise customers
riverside.comLocal Recording
Separate track recording (up to 4K video + uncompressed audio) stored locally on user device first, unaffected by internet connection
riverside.comBiometric Data Handling
Voice Data and Face Data (biometric identifiers) used only for the specific requested feature, then immediately and permanently destroyed. Not used for advertising, marketing, profiling, or sold.
riverside.comData Processing Agreement
DPA v4 (December 2024) available. Includes sub-processor list. Applicable for business and enterprise customers processing personal data.
riverside.com// Products & data scope
data: User recordings, participant data, session metadata. Local recording available.
Core product. Free plan available. Supports 4K video + uncompressed audio, multiple participants.
data: Recording content (optional use). Voice and Face Data for AI features if opted in.
Text-based editing interface. AI-powered features: Magic Clips, auto-captions, speech correction, layout auto-generation, B-roll generation. AI training policy unclear—see privacy contradiction flag.
data: Stream content, audience data, viewer metrics
HD streaming to multiple platforms simultaneously (YouTube, LinkedIn, Instagram, Twitch, etc.). Webinar-specific features: Q&A, call-ins, registration tracking, HubSpot sync.
data: Podcast metadata, subscriber data, analytics
Built-in hosting: RSS feed generation, distribution to Spotify/Apple/YouTube/etc., analytics, auto-generated transcripts, chapters, show notes.
data: User prompts, generated assets (clips, thumbnails, headlines)
Generates promotional assets (social clips, thumbnails, headlines, etc.) optimized per platform. Opt-in feature.
// What to watch
- AI TRAINING CONTRADICTION: Privacy Policy states Content Data 'may be used' for training AI/ML models, but support documentation and search results indicate Riverside does NOT use customer content data to train their own models—only metadata. Clarification needed from vendor on what 'improving Services' means in practice. If they use anonymized/aggregated data only, privacy policy language should be more precise.
- NO HIPAA CERTIFICATION: Despite third-party claims (Nudge Security), no direct evidence of HIPAA certification on Riverside's domain. HIPAA mentioned only in blog comparisons of other tools. If Riverside is HIPAA-compliant, they should document this publicly.
- NO GDPR CERTIFICATION: Riverside has GDPR compliance through DPF frameworks and DPA, but no explicit 'GDPR certified' badge. Listing should clarify 'GDPR compliant via DPA and Data Privacy Framework' rather than claiming certification.
- NO TRUST CENTER: Unlike peer enterprise tools, no dedicated trust center or security statement page found. Support article URL (https://support.riverside.com) returns 403 (likely requires authentication). Recommend vendor publish public trust center with all certs, DPA, sub-processor list.
- THIRD-PARTY CLAIMS MISMATCH: Nudge Security profile lists PCI DSS, FedRamp, CSA STAR as Riverside certifications, but no vendor-domain evidence found. Recommend vendor clarify which of these (if any) they hold.
- VOICE/FACE DATA DESTRUCTION: Privacy policy says Voice and Face Data 'immediately and permanently destroyed' after feature use. Recommend vendor specify exact retention period in days/hours for clarity.
- EU-ISRAEL DATA TRANSFERS: Riverside operates from Israel and transfers EU data there, relying on EC adequacy finding. This is valid but should be highlighted in procurement materials for data-sensitive customers.
// At a glance
Pricing model
Freemium (Free, Standard, Pro tiers). Enterprise/Business available with custom pricing. Free tier includes core recording; paid tiers unlock editing, hosting, streaming, advanced AI features.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on RiversideFM, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
riverside.com