// Trust & Security Report

    VOX AI Inc. (DBA Sharly AI) logo

    VOX AI Inc. (DBA Sharly AI)

    Sharly AI - single AI research/document assistant product (summarize, compare, cite, chat across documents) sold in tiered plans: Free, Pro, Team, and Business/Enterprise, with the Business tier adding SSO/SAML, admin controls, audit logs, and "private deployments"

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 9 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    "SOC 2 Type II" appears only as an unlinked bullet point under a "Get compliance ready" / security feature list on the Business-tier pricing and product pages. No audit report, auditor name, badge, or trust-center link substantiates the claim anywhere on the domain, and no independent trust portal (Vanta/Drata/SafeBase) could be found for Sharly AI.

    source: sharly.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence: ISO 27001 is not mentioned on the security-and-privacy page, product page, pricing page, or in web search results for the domain.

    source: sharly.ai
    GDPR
    NOT CONFIRMED

    No public evidence of an explicit GDPR compliance statement, EU representative, or DPA link on any accessible vendor page. The vendor's own /privacy legal page exists but its full text could not be rendered by automated tooling (client-rendered app shell only), so GDPR posture could not be directly confirmed from the policy text itself.

    source: sharly.ai
    HIPAA
    NOT CONFIRMED

    No public evidence: HIPAA, BAA, or PHI handling is not mentioned on any accessible vendor page (security-and-privacy, product, pricing, or use-cases).

    source: sharly.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence and not obviously applicable; no direct card-payment handling claims found (billing is likely handled by a third-party processor, unconfirmed).

    source: sharly.ai
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence found on any accessible vendor page.

    source: sharly.ai
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence found on any accessible vendor page.

    source: sharly.ai
    CSA STAR
    NOT CONFIRMED

    No public evidence found on any accessible vendor page.

    source: sharly.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence found; product is not marketed toward US federal customers.

    source: sharly.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not specified on any accessible page. "Data residency" is listed only as an unelaborated Business-tier feature bullet on the pricing/product pages, with no named regions or hosting locations disclosed.

    Vendor's own security page states broadly: 'Sharly employs models that strictly prohibit the use of input data for any model re-training purposes,' with no visible free-vs-paid carve-out on that page. However, an independent third-party summary associated the 'no training' guarantee specifically with paid plans, which could not be corroborated or ruled out directly on sharly.ai because the full legal privacy policy text was not renderable by automated tooling. Treat the free-tier training posture as unconfirmed.

    // Security controls

    Encryption at rest

    AES-256 for data and chats at rest

    sharly.ai

    Encryption in transit

    TLS 1.3 (with AES-256) in transit

    sharly.ai

    Access control

    Row-level access controls segregating data by workspace and organization; role-based permissions on Team/Business plans

    sharly.ai

    SSO / SAML

    SSO/SAML available on the Business plan

    sharly.ai

    Data retention

    Data is automatically deleted if the account is inactive for over 30 days

    sharly.ai

    PII handling

    System scans for personally identifiable information in real time and removes it

    sharly.ai

    Audit logging

    Activity logs / audit logs track operations for accountability; version history available on Business plan

    sharly.ai

    Scoped answer mode

    "Docs-only" answer mode restricts responses to only the user's uploaded documents, keeping reasoning private

    sharly.ai

    // Products & data scope

    Sharly AI (Free / Pro / Team)AI document research assistant (self-serve SaaS)

    data: User-uploaded documents and connected sources (PDF, DOCX, XLSX, PPTX, links, Google Docs, Notion)

    No SSO, no admin/audit-log features documented; standard AES-256/TLS 1.3 encryption applies across tiers per vendor claims.

    Sharly AI BusinessAI document research assistant (enterprise tier)

    data: Same document/source scope as lower tiers, plus team workspaces and shared knowledge

    Adds admin dashboard, role-based access, version history/audit logs, SSO/SAML, and "private deployments." Also the only tier where the unverified 'SOC 2 Type II' bullet and 'data residency' are listed as features.

    // What to watch

    • Over-claim risk: 'SOC 2 Type II' is listed as a bare feature bullet on the /product and /pricing pages (Business tier) with no trust center, no audit report, no auditor name, and no badge anywhere on the domain, and no listing on any third-party trust-center directory (Vanta, Drata, SafeBase). Recommend treating this as unverified, not as a held certification, until Sharly provides a report or trust-center link.
    • No dedicated trust/security center exists; compliance claims are scattered marketing bullets rather than a documented, auditable program.
    • Full text of the /privacy and /terms legal pages could not be rendered by automated tooling (the site serves a client-rendered app shell for these routes), so GDPR posture, DPA availability, and any sub-processor list could not be directly verified from the policy text itself despite the pages existing.
    • Possible tier-based inconsistency in the 'no training on customer data' claim: the vendor's own security page states a blanket no-retraining policy, but an independent third-party summary associated the no-training guarantee specifically with paid plans; the free-tier training posture is unconfirmed.
    • "Private deployments" on the Business tier is ambiguous marketing language; it was not confirmed whether this means true on-prem/VPC self-hosting or simply a dedicated multi-tenant cloud instance.

    // At a glance

    Pricing model

    Freemium SaaS: Free; Pro ~$12.50/seat/mo (billed yearly); Team ~$24/seat/mo up to 100 seats (billed yearly); Business is custom-priced, contact sales

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on VOX AI Inc. (DBA Sharly AI)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    sharly.ai

    > Browse all vendor trust reports