// Trust & Security Report
Stability AI, Inc. (Stability AI Ltd in EEA/UK/Switzerland; Stability AI US Services Corporation elsewhere)
Stability AI's generative media stack built around the open-weight Stable Diffusion (and Stable Audio/Video/3D) model family: open-weight models under a Stability AI/Community License for self-hosting, a hosted Platform API, the enterprise-managed Brand Studio creative-production SaaS, and Cloud Platform integrations (e.g. AWS Bedrock)
Certifications held
4
Maturity
Growth
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.stability.ai“Compliance SOC 2 Type 2 Resources View all Security Frameworks Stability AI Inc. SOC 2 Type 2 Report”
Verify on stability.ai“Stability AI Achieves SOC 2 Type II and SOC 3 Compliance, Reaching New Industry Standard for Enterprise-Grade Security ... an independent third-party auditor assessed five trust service criteria: security, availability, processing integrity, confidentiality, and privacy.”
Verify on stability.ai“Stability processes your personal data on servers located outside of the European Economic Area ("EEA"), Switzerland, and the UK, including processing your personal data in our servers in the US. ... We rely on the SCCs as approved by the European Commission under Article 46 GDPR (and their approved equivalent for the UK and Switzerland). ... the data controller responsible for your personal data is Stability AI Ltd [EEA/UK/CH] or Stability AI US Services Corporation [elsewhere].”
> Show 6 unconfirmed / not-held certifications
source: trust.stability.aino public evidence: trust.stability.ai's Compliance section lists only 'SOC 2 Type 2' under Security Frameworks; no ISO 27001 certificate, badge, or report appears anywhere on stability.ai or trust.stability.ai
source: trust.stability.aino public evidence: no HIPAA/BAA reference on the Trust Center or Privacy Policy. Third-party badge aggregators (e.g. Nudge Security) list Stability AI as 'HIPAA Compliant' but this is not corroborated on any stability.ai or trust.stability.ai page and should be treated as an unverified overclaim.
source: trust.stability.aino public evidence on vendor domain; payments are not a core product surface and no PCI mention appears on the Trust Center
source: trust.stability.aino public evidence: not listed among the Trust Center's Compliance/Security Frameworks (only SOC 2 Type 2 is listed there)
source: trust.stability.aino public evidence on vendor domain; third-party aggregators claim 'CSA Star Level 1 Compliant' but this is not shown on trust.stability.ai's own Compliance section
source: trust.stability.aino public evidence on vendor domain; not applicable, no FedRAMP marketplace listing or Trust Center reference found
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Not offered
Data region
Hosted products (Platform API, Brand Studio, Stable Assistant) process data on servers outside the EEA/UK/Switzerland, including in the US, per the Privacy Policy; cross-border transfer relies on Standard Contractual Clauses and Article 45 adequacy decisions. AWS is listed as a subprocessor hosting production environments and the HPC training cluster. Self-hosted/open-weight deployments keep all data inside the customer's own chosen environment.
Privacy Policy lists model training as a processing purpose: 'to improve and develop our Services and conduct research, including to train and improve our models and develop new product features.' Training on Inputs/Outputs is opt-out, not opt-in: 'When we use your Inputs and Outputs to train our models, you can opt-out of our use of this personal data for these training purposes' (via the Privacy Center). It is not documented on any public vendor page whether Enterprise/Brand Studio contracts carry a different (no-training-by-default) term than the self-serve API/consumer apps; self-hosted open-weight Stable Diffusion usage never sends data to Stability at all, so this concern is moot for that deployment mode.
// Security controls
Encryption
Trust Center product-security controls list 'Data encryption utilized' and infrastructure controls list 'Encryption key access restricted'; 'Portable media encrypted' listed under organizational security. No further detail (e.g. specific TLS/AES versions) published.
trust.stability.aiAccess control
'Unique production database authentication enforced' and 'Unique account authentication enforced' listed under Infrastructure security controls.
trust.stability.aiPenetration testing
'Penetration testing performed' listed under Product security controls; a '2025 Penetration Test Executive Report' is listed as an available resource (access-gated).
trust.stability.aiVulnerability disclosure
Public Vulnerability Disclosure Program (VDP) with a dedicated policy and contact security@stability.ai.
trust.stability.aiBusiness continuity / disaster recovery
'Continuity and Disaster Recovery plans established' and 'tested' listed under Internal security procedures controls.
trust.stability.aiCyber insurance
'Cybersecurity insurance maintained' listed under Internal security procedures controls.
trust.stability.aiData retention & deletion
'Data retention procedures established' and 'Customer data deleted upon leaving' listed under Data and privacy controls.
trust.stability.aiSubprocessors (transparency)
Public subprocessor list includes Amazon Web Services (cloud hosting / HPC training cluster), Thorn (CSAM-filtering tooling), Cinder (content-policy monitoring), and OpenRouter (used only if the optional 'AI Enhance Prompt' feature is used, routing to Mistral AI or DeepInfra).
trust.stability.ai// Products & data scope
data: None reaches Stability's infrastructure when run locally or in a customer-controlled environment; governed by the Stability AI Community License or a commercial Stability AI License, not the hosted Privacy Policy.
Strongest data-control posture of the product family: since inference runs on infrastructure the customer controls, none of Stability's own SOC 2/SOC 3 boundary or training-opt-out concerns apply.
data: Prompts and generated Inputs/Outputs processed on Stability-managed cloud infrastructure (partly AWS); governed by the general Privacy Policy; training on Inputs/Outputs is opt-out via the Privacy Center.
Primary hosted product covered by the SOC 2 Type II / SOC 3 Trust Center scope.
data: Customer brand/creative assets processed within Stability's managed environment for marketing/production workflows.
Marketed with 'indemnification, expert support, compliance' for enterprise deployment; falls within the same Trust Center coverage as the Platform API, but enterprise contract terms (e.g. training opt-out defaults, DPA) were not independently verifiable on public pages.
data: Runs in the customer's own cloud/on-prem environment or via a partner cloud marketplace (e.g. Amazon Bedrock); data governance is inherited from that environment, not from Stability's own SOC 2 audit boundary.
Buyers should not assume Stability's SOC 2/SOC 3 badge covers this deployment mode; the relevant certifications are the customer's own or the partner cloud's (e.g. AWS).
// What to watch
- Overclaim risk: third-party compliance-badge aggregator sites (e.g. Nudge Security) list Stability AI as HIPAA, PCI, ISO 27001, FedRAMP, and CSA STAR compliant. None of these are corroborated by Stability's own Trust Center, which as verified lists only SOC 2 Type II and SOC 3 under its Compliance section. Do not surface these extra badges from third-party sources.
- Full SOC 2 Type II / SOC 3 / 2025 penetration test reports are gated behind a 'Request access' NDA-style portal on trust.stability.ai; report titles and the audited trust-service criteria are public, but the underlying PDFs (exact audit period, sub-service organizations, noted exceptions) could not be independently opened for this assessment.
- No standalone Data Processing Addendum (DPA) page was found on any Stability AI public domain; enterprise/API customers likely need to request one via sales, but this could not be confirmed with a vendor-domain proof URL, so dpa is recorded as false/unconfirmed rather than true.
- AI training default: the Privacy Policy states Inputs/Outputs are used to train models by default with an opt-out via the Privacy Center. Public pages do not clarify whether Enterprise/Brand Studio contracts carry a different (no-training) default from the self-serve API/consumer apps.
- Self-hosted Stable Diffusion and Cloud Platform deployments (e.g. via AWS Bedrock) sit outside Stability's own SOC 2/SOC 3 audit boundary; the customer inherits their own or the partner cloud's security posture in those modes, not Stability AI's certifications.
// At a glance
Pricing model
Freemium consumer apps (e.g. Stable Assistant) plus usage-based Platform API credits, custom Enterprise Brand Studio plans, and Self-Hosted License fees
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Stability AI, Inc. (Stability AI Ltd in EEA/UK/Switzerland; Stability AI US Services Corporation elsewhere)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.stability.ai