// Trust & Security Report

    Speechify Inc. logo

    Speechify Inc.

    Consumer/prosumer voice AI: Text-to-Speech reader (web, iOS, Android, Mac, Windows, Chrome/Edge extensions), Voice Typing dictation, AI Voice Assistant, AI Podcasts, and Speechify Studio (voice cloning, dubbing, voiceover, community voices). Separate B2B/API line 'SpeechifyAI' (speechify.ai / docs.speechify.ai) offers TTS, voice agent, and streaming APIs plus a 'Speechify for Enterprise & EDU' tier; same corporate entity (GitHub org SpeechifyInc), but a distinct product surface with its own trust page.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    Speechify is proud to say that it is SOC2 compliant and undergoes regular audits to ensure compliance.

    Verify on speechify.com
    GDPR (compliance posture, not a certification)
    HELD

    You have the right to: Request a Personal Data report... Have your Personal Data corrected or deleted... Object to us processing your Personal Data.

    Verify on speechify.com
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence on Speechify's own domain (speechify.com, speechify.ai, docs.speechify.ai). Third-party vendor-risk aggregator summaries mention ISO 27001, but this could not be corroborated with any vendor-domain page, badge, or blog post after targeted searches (site:speechify.com ISO 27001 returns unrelated results).

    source: speechify.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA certification or a Business Associate Agreement (BAA) offering. Marketing blog content uses the informal phrase 'HIPAA-safe' for the Voice Typing dictation feature aimed at doctors, but this is not a compliance claim and no BAA or HIPAA program is documented anywhere on the vendor's own domain.

    source: speechify.com
    PCI DSS
    NOT CONFIRMED

    No public evidence on the vendor's own domain. Payment processing is presumably outsourced to a third-party processor; no PCI claim made by Speechify itself.

    source: speechify.com
    FedRAMP
    NOT CONFIRMED

    No public evidence on the vendor's own domain. Not a plausible fit for a consumer/prosumer product with no government cloud offering advertised.

    source: speechify.com
    CSA STAR
    NOT CONFIRMED

    No public evidence on the vendor's own domain.

    source: speechify.com
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence of an AI governance certification on any vendor-domain page found.

    source: speechify.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    United States (per Privacy Policy: 'Information submitted to Speechify will be transferred to, processed, and stored in the United States.')

    Contradiction found between product lines. The SpeechifyAI/API trust page states plainly: 'We never train models on your data' (speechify.ai/trust), and directs enterprise buyers to contact sales for a DPA or security review. However, the main consumer Privacy Policy (speechify.com/privacy/) says Speechify staff may view User Content 'to improve our algorithms as described in the User Content section of our Terms of Service,' and the consumer Terms of Service (speechify.com/terms/, Section 7 USER MATERIAL) grant Speechify an 'irrevocable, perpetual, non-exclusive, royalty free, worldwide license to use, copy, perform, display, edit, distribute and otherwise exploit' user-submitted content, including creating derivative works, and to analyze content for R&D such as 'recognizing patterns in data for improving the quality of the Service.' This is a legacy-ToS-language vs current-AI-trust-page contradiction: the no-training claim is scoped to the API/enterprise product, while the consumer app's own terms reserve broad rights to use uploaded content to improve its models/service. Net: trains_on_customer_data is graded null (unresolved / tier-dependent) rather than a single true/false.

    // Security controls

    Encryption

    Vendor blog references encryption as part of its audited data-security controls ('data centers, access controls, environmental controls, regular audits, encryption') but does not publish specifics (algorithm, in-transit vs at-rest detail, key management).

    speechify.com

    SOC 2 audit report availability

    Not self-serve/public. 'Enterprise clients can request a copy of the Speechify SOC2 report.'

    speechify.com

    AI Voice API training exclusion

    'We never train models on your data' (stated for the SpeechifyAI/API product specifically).

    speechify.ai

    Children's data

    'Speechify does not knowingly collect personal information from children under the age of 13' outside of a licensed Speechify for Education account.

    speechify.com

    Data retention (Studio product)

    'No purpose in this Privacy Policy will require us keeping your personal information for longer than twelve (12) months past the termination of the user's account' (Studio/voice-cloning privacy policy; not stated for the main consumer app).

    speechify.com

    // Products & data scope

    Speechify Text to Speech / Voice Typing / Voice AI Assistant (consumer apps: web, iOS, Android, Mac, Windows, Chrome/Edge)Consumer productivity / accessibility

    data: Uploaded documents/PDFs, dictated voice audio, usage/device telemetry; broad perpetual license granted to Speechify per ToS Section 7.

    No cert beyond a 2023 SOC2 blog claim; consumer ToS reserves rights to analyze content for R&D/algorithm improvement.

    Speechify Studio (voice cloning, dubbing, voiceover, community voices)AI content creation

    data: Uploaded voice samples (treated as non-sensitive per policy), generated audio, 12-month post-termination retention cap.

    Own privacy policy references GDPR/UK-GDPR/CCPA; no explicit AI-training statement for voice samples, called out as a notable omission.

    SpeechifyAI / Speechify API (speechify.ai, docs.speechify.ai) incl. voice agents and Speechify for Enterprise & EDUDeveloper API / B2B

    data: Customer-submitted text/voice via API; dedicated infrastructure and 'enterprise-grade security' advertised for scale customers.

    Explicit no-training-on-your-data claim and DPA/security-review-on-request offer; still no published cert list, no downloadable SOC2/ISO artifacts on this page.

    // What to watch

    • No public trust center for the primary consumer product (speechify.com/trust returns 404); the only trust-style page found (speechify.ai/trust) belongs to the separate API/enterprise product line and lists no certifications, only an AI-training statement.
    • SOC 2 claim rests solely on a single 2023 marketing blog post with no report artifact, auditor name, Type 1/Type 2 designation, or renewal date published; treat as self-attested until an enterprise buyer independently verifies via the report.
    • Third-party vendor-risk/aggregator sources (not the vendor's own domain) list Speechify as PCI, HIPAA, GDPR, ISO 27001, FedRAMP, and CSA STAR compliant; none of these could be corroborated on speechify.com, speechify.ai, or docs.speechify.ai. Do not surface these on the listing as vendor-confirmed; likely an over-claim/aggregator error.
    • Legacy-ToS vs current-AI-page contradiction: the API trust page says user data is never used to train models, while the consumer Terms of Service (Section 7, User Material) grant a broad perpetual/irrevocable license and reference using content to improve algorithms/service quality. AIFOXX should not claim a blanket 'does not train on your data' for the consumer product.
    • 'HIPAA-safe' language appears in Speechify's own blog marketing for its Voice Typing/medical-dictation use case without any accompanying BAA or HIPAA compliance program disclosure; risk of user over-trust for regulated healthcare use.

    // At a glance

    Pricing model

    Freemium consumer subscription (Speechify Premium) plus a separate Enterprise/EDU tier and a usage-based/API pricing tier for SpeechifyAI developer products.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Speechify Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    speechify.ai

    > Browse all vendor trust reports