// Trust & Security Report
VOX AI Inc. (DBA Sharly AI)
Sharly AI - single AI research/document assistant product (summarize, compare, cite, chat across documents) sold in tiered plans: Free, Pro, Team, and Business/Enterprise, with the Business tier adding SSO/SAML, admin controls, audit logs, and "private deployments"
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: sharly.ai"SOC 2 Type II" appears only as an unlinked bullet point under a "Get compliance ready" / security feature list on the Business-tier pricing and product pages. No audit report, auditor name, badge, or trust-center link substantiates the claim anywhere on the domain, and no independent trust portal (Vanta/Drata/SafeBase) could be found for Sharly AI.
source: sharly.aiNo public evidence: ISO 27001 is not mentioned on the security-and-privacy page, product page, pricing page, or in web search results for the domain.
source: sharly.aiNo public evidence of an explicit GDPR compliance statement, EU representative, or DPA link on any accessible vendor page. The vendor's own /privacy legal page exists but its full text could not be rendered by automated tooling (client-rendered app shell only), so GDPR posture could not be directly confirmed from the policy text itself.
source: sharly.aiNo public evidence: HIPAA, BAA, or PHI handling is not mentioned on any accessible vendor page (security-and-privacy, product, pricing, or use-cases).
source: sharly.aiNo public evidence and not obviously applicable; no direct card-payment handling claims found (billing is likely handled by a third-party processor, unconfirmed).
source: sharly.aiNo public evidence found on any accessible vendor page.
source: sharly.aiNo public evidence found on any accessible vendor page.
source: sharly.aiNo public evidence found; product is not marketed toward US federal customers.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not specified on any accessible page. "Data residency" is listed only as an unelaborated Business-tier feature bullet on the pricing/product pages, with no named regions or hosting locations disclosed.
Vendor's own security page states broadly: 'Sharly employs models that strictly prohibit the use of input data for any model re-training purposes,' with no visible free-vs-paid carve-out on that page. However, an independent third-party summary associated the 'no training' guarantee specifically with paid plans, which could not be corroborated or ruled out directly on sharly.ai because the full legal privacy policy text was not renderable by automated tooling. Treat the free-tier training posture as unconfirmed.
// Security controls
Access control
Row-level access controls segregating data by workspace and organization; role-based permissions on Team/Business plans
sharly.aiPII handling
System scans for personally identifiable information in real time and removes it
sharly.aiAudit logging
Activity logs / audit logs track operations for accountability; version history available on Business plan
sharly.aiScoped answer mode
"Docs-only" answer mode restricts responses to only the user's uploaded documents, keeping reasoning private
sharly.ai// Products & data scope
data: User-uploaded documents and connected sources (PDF, DOCX, XLSX, PPTX, links, Google Docs, Notion)
No SSO, no admin/audit-log features documented; standard AES-256/TLS 1.3 encryption applies across tiers per vendor claims.
data: Same document/source scope as lower tiers, plus team workspaces and shared knowledge
Adds admin dashboard, role-based access, version history/audit logs, SSO/SAML, and "private deployments." Also the only tier where the unverified 'SOC 2 Type II' bullet and 'data residency' are listed as features.
// What to watch
- Over-claim risk: 'SOC 2 Type II' is listed as a bare feature bullet on the /product and /pricing pages (Business tier) with no trust center, no audit report, no auditor name, and no badge anywhere on the domain, and no listing on any third-party trust-center directory (Vanta, Drata, SafeBase). Recommend treating this as unverified, not as a held certification, until Sharly provides a report or trust-center link.
- No dedicated trust/security center exists; compliance claims are scattered marketing bullets rather than a documented, auditable program.
- Full text of the /privacy and /terms legal pages could not be rendered by automated tooling (the site serves a client-rendered app shell for these routes), so GDPR posture, DPA availability, and any sub-processor list could not be directly verified from the policy text itself despite the pages existing.
- Possible tier-based inconsistency in the 'no training on customer data' claim: the vendor's own security page states a blanket no-retraining policy, but an independent third-party summary associated the no-training guarantee specifically with paid plans; the free-tier training posture is unconfirmed.
- "Private deployments" on the Business tier is ambiguous marketing language; it was not confirmed whether this means true on-prem/VPC self-hosting or simply a dedicated multi-tenant cloud instance.
// At a glance
Pricing model
Freemium SaaS: Free; Pro ~$12.50/seat/mo (billed yearly); Team ~$24/seat/mo up to 100 seats (billed yearly); Business is custom-priced, contact sales
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on VOX AI Inc. (DBA Sharly AI)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
sharly.ai