// Trust & Security Report

    Star Cluster Pte. Ltd. (operating as SeaArt AI; development team reported based in Chengdu, China) logo

    Star Cluster Pte. Ltd. (operating as SeaArt AI; development team reported based in Chengdu, China)

    Consumer/prosumer generative-AI creativity platform: AI image generation, AI video generation (Seedance models), AI character chat/roleplay companions, LoRA model fine-tuning, a community feed, and a paid API for commercial image/video generation.

    Certifications held

    1

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR (self-declared posture, not a certification)
    HELD

    "You have the right to access personal information we hold about you, how we use it, and who we share it with." ... "We must respond to a request by you to exercise those rights without undue delay and at least within one month."

    Verify on image.cdn2.seaart.me
    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type I/II)
    NOT CONFIRMED

    No public evidence on any seaart.ai/seaart.me domain. Third-party site nudgesecurity.com displays a generic 'SOC 2 Compliant' badge with no supporting link or document; on inspection this and the other badges on that page are unverified placeholder assertions, not evidence sourced from the vendor.

    source: node1.cdn2.seaart.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence on the vendor's own domain. Same third-party badge caveat as SOC 2 above applies.

    source: node1.cdn2.seaart.ai
    HIPAA
    NOT CONFIRMED

    No public evidence on the vendor's own domain; no BAA offering, healthcare use case, or HIPAA language found anywhere in the privacy policy or terms.

    source: node1.cdn2.seaart.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence on the vendor's own domain. Payment processing is not described beyond generic 'billing/payment information' collection language.

    source: node1.cdn2.seaart.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence on the vendor's own domain; not applicable to a consumer creative-tools product with no US-government offering.

    source: node1.cdn2.seaart.ai
    CSA STAR
    NOT CONFIRMED

    No public evidence on the vendor's own domain.

    source: node1.cdn2.seaart.ai
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence on the vendor's own domain of any AI-governance certification.

    source: node1.cdn2.seaart.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    Not specified. Privacy policy only states personal information 'may be transferred...across borders...to other countries or jurisdictions around the world,' with no named regions, no data-residency options, and no Standard Contractual Clauses or transfer-mechanism language.

    Privacy policy and terms do not state whether SeaArt trains its own/foundation models on user-uploaded content or chat data, and no opt-out control is documented. The platform's 'Model Training' feature lets a user fine-tune a personal LoRA model from their own images (a product feature, not evidence of company-wide training on all user content). Terms grant SeaArt 'a worldwide, perpetual, non-exclusive, no-charge, royalty-free, sublicensable, irrevocable license to create derivative works of' user-uploaded content, which is broad enough to cover training use but is not itself an explicit training disclosure. Treat as unresolved/unknown, not as a training-free guarantee.

    // Security controls

    Encryption in transit / at rest

    Not specified. Privacy policy only states generically that 'administrative, physical and technical security measures' are implemented; no encryption standard, algorithm, or scope is documented.

    image.cdn2.seaart.me

    Biometric/facial data handling

    Facial feature data extracted from uploaded photos/videos for video-synthesis features is stated to be processed and stored locally on the user's device only, not on company servers.

    image.cdn2.seaart.me

    Account/data deletion

    Users can delete their account or remove certain personal information via account settings, or by emailing customer@seaart.ai or legal@seaart.ai. Retention is otherwise open-ended: personal information is 'kept until the end of its life cycle (except if otherwise required to be retained by applicable law).'

    image.cdn2.seaart.me

    Third-party sign-in

    Supports login via connected Google/Facebook social accounts (per privacy policy's description of imported account data); no evidence of enterprise SSO, SAML, or dedicated 2FA hardware token support on the vendor's own site.

    node1.cdn2.seaart.ai

    Content/trust & safety moderation

    Vendor states it implemented a 'multi-layered security system' (real-time AI detection, human moderation, algorithmic monitoring) following a 2024/2025 report that flagged AI-generated child-sexual-abuse-material content on the platform, which led to removal from the Google Play Store.

    pulitzercenter.org

    // Products & data scope

    AI Image GeneratorImage generation

    data: User text prompts, reference images, generated outputs

    Core free/paid product; free tier plus credit-based paid tiers

    AI Video Generator (Seedance models)Video generation

    data: User prompts, reference images/video, generated video outputs

    Higher-tier feature; marketed alongside 'Seedance 2.0 4K'

    AI Character Chat / CompanionsConversational AI / roleplay

    data: Chat conversation data, character personas, potentially NSFW/romantic roleplay content

    Consumer social/companion feature; heightened content-safety risk given prior CSAM-content removal incident on Google Play

    Model Training (LoRA fine-tuning)Custom model training

    data: User-uploaded training image datasets

    Lets a user fine-tune a personal model from their own images; distinct from, and not evidence of, foundation-model training on all user content

    APIDeveloper / commercial API

    data: Programmatic prompts and generated outputs

    Available on Professional plan and above; includes explicit commercial-use license for generated images

    // What to watch

    • A third-party site (nudgesecurity.com) displays generic 'SOC 2 / ISO 27001 / HIPAA / PCI / GDPR / FedRAMP / CSA STAR' compliance badges for SeaArt AI with no supporting links or vendor evidence; on direct inspection these are unverified placeholder assertions, not proof. Do NOT surface these as held certifications; this is a clear over-claim/host-vs-vendor style risk if copied uncritically from aggregator sites.
    • Legal entity/HQ jurisdiction is not stated on the vendor's own site in evidence gathered; third-party company databases (Crunchbase/Tracxn) indicate the operating entity is Star Cluster Pte. Ltd. (Singapore) with a development team reported in Chengdu, China. This could not be confirmed on a vendor-first-party 'About/Company' page and should be treated as unverified.
    • Terms of service grant SeaArt a perpetual, worldwide, sublicensable, irrevocable license over user-uploaded content with no documented opt-out, which is a meaningful IP/privacy caveat for a creative-content tool.
    • SeaArt AI was reportedly removed from the Google Play Store after a 2024/2025 investigative report found AI-generated child-sexual-abuse-material content hosted on the platform; vendor has since announced added content-moderation controls. This is a material trust/safety flag independent of formal security certifications and should be disclosed in any listing.
    • Privacy policy does not state whether user content or chat data is used to train SeaArt's own AI models, and provides no opt-out; treat AI-training posture as unresolved rather than assuming either way.
    • No data-residency or international-transfer-mechanism (e.g., Standard Contractual Clauses) commitment is documented.

    // At a glance

    Pricing model

    Freemium: free tier plus credit-based subscription tiers (approx. Beginner $5.99/mo, Standard $29.99/mo, Professional $59.99/mo, Master $149.99/mo per third-party pricing summaries); API billed on credits

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Star Cluster Pte. Ltd. (operating as SeaArt AI; development team reported based in Chengdu, China)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    image.cdn2.seaart.me

    > Browse all vendor trust reports