// Trust & Security Report

    SYSTRAN S.A. (SYSTRAN by ChapsVision) logo

    SYSTRAN S.A. (SYSTRAN by ChapsVision)

    Machine translation software family: free web translator (SYSTRAN Translate), paid Pro tier, Enterprise/API translation platform, on-premise/air-gapped Server deployment, Model Studio for custom model training, and Anonymizer for GDPR-oriented PII redaction. Owned by French data-processing group ChapsVision (acquired SYSTRAN S.A. in January 2024).

    Certifications held

    3

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001
    HELD

    Certified for compliance: ISO 27001 | GDPR Compliant | HIPAA Ready

    Verify on systransoft.com
    ISO 27001 (corroborating)
    HELD

    Our facilities, teams, policies, and procedures have been audited to guarantee strict adherence to prominent security standards.

    Verify on systransoft.com
    GDPR (compliance posture, not a certification)
    HELD

    Data-sovereignty page lists "GDPR Compliant" as part of "Certified for compliance: ISO 27001 | GDPR Compliant | HIPAA Ready". Note: the privacy-policy URL resolves to a ChapsVision legal notice stating only "Chapsvision is committed to complying with applicable regulations regarding personal data protection" and links out to a separate ChapsVision Data Protection Policy; no SYSTRAN-domain page verified in this pass contains a standalone sentence asserting GDPR + French-law compliance verbatim, so GDPR posture rests on the 'GDPR Compliant' marketing badge rather than a detailed policy statement.

    Verify on systransoft.com
    > Show 8 unconfirmed / not-held certifications
    SOC 2 (Type I/II)
    NOT CONFIRMED

    FAQ: 'We already have SOC 2 Type II vendors. Isn't that enough?' Answer: 'SOC 2 is a baseline, not a ceiling. Many generic AI tools hold SOC 2 but still operate on multi-tenant public clouds...' -- SYSTRAN's own FAQ frames SOC 2 as something competitors/other vendors hold, and does not claim SOC 2 for SYSTRAN itself anywhere on the vendor domain.

    source: systransoft.com
    HIPAA
    NOT CONFIRMED

    Listed only as 'HIPAA Ready' (not 'HIPAA certified' or 'HIPAA compliant'). No BAA (Business Associate Agreement) language or independent HIPAA certification evidence found on the vendor domain. HIPAA has no official third-party certification body, so 'Ready' is a self-declared design posture, not a certification.

    source: systransoft.com
    ISO 27017 / ISO 27018 (cloud security/privacy)
    NOT CONFIRMED

    No public evidence -- not mentioned on the security page, data sovereignty page, or privacy policy.

    source: systransoft.com
    ISO 27701 (privacy information management)
    NOT CONFIRMED

    No public evidence -- not mentioned on any vendor-domain page reviewed.

    source: systransoft.com
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence -- SYSTRAN's public pages do not reference ISO 42001 or any AI-governance-specific certification.

    source: systransoft.com
    CSA STAR (incl. CSA STAR for AI)
    NOT CONFIRMED

    No public evidence found on the vendor domain.

    source: systransoft.com
    PCI DSS
    NOT CONFIRMED

    No public evidence found; SYSTRAN's translation product does not appear to process cardholder data directly, and no PCI claim is made on the vendor domain.

    source: systransoft.com
    FedRAMP
    NOT CONFIRMED

    No public evidence found on the vendor domain. Third-party marketing aggregator sites reference 'DoD-ready' but this is not corroborated by a vendor-domain page and is not treated as evidence per the verification rules.

    source: systransoft.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Configurable by deployment: air-gapped on-premise, private cloud, or 'sovereign SaaS' positioned to match customer compliance/region requirements. Company headquartered in Paris, France (EU). No single fixed default data region is stated on the pages reviewed.

    Marketing headline states 'zero data retention' and that customer data is 'never used to train our base models.' The Enterprise Terms of Service corroborate this for general model training and confirm Content/Final Content is deleted once the service is complete (with a 72-hour exception for automated error-pattern QA). However, the same ToS state 'Linguistic Data are stored on the Platform for an indefinite period of time,' and permit SYSTRAN to reuse Customer Content only to customize a customer's own dedicated Model at that customer's request -- this is a narrower, opt-in exception, not general base-model training. AIFOXX should present the 'zero data retention' marketing line alongside this ToS nuance rather than as an unqualified blanket claim.

    // Security controls

    Encryption in transit

    HTTPS and TLS protocols used to protect data in transit.

    systransoft.com

    Penetration testing

    Regular penetration tests conducted during major and minor releases.

    systransoft.com

    Infrastructure hardening

    Partitioned cloud infrastructure, firewalls, and IP-based access restrictions.

    systransoft.com

    Secure development practices

    States alignment with OWASP cybersecurity best practices.

    systransoft.com

    Deployment isolation options

    Air-gapped on-premise, private cloud, or sovereign SaaS deployment, allowing data to stay entirely within the customer's security perimeter.

    systransoft.com

    File retention controls

    For file translations (e.g. PDFs), automatic deletion after a configurable period; Content/Final Content deleted once the Enterprise service completes, with a 72-hour exception for error-pattern QA.

    systransoft.com

    Encryption at rest

    Not explicitly documented on vendor pages reviewed; only infrastructure-level protections (partitioned cloud, firewalls) are described. Not confirmed either way.

    systransoft.com

    // Products & data scope

    SYSTRAN Translate (free web translator)Consumer / public web translation

    data: Short text snippets (public, multi-tenant service)

    Privacy policy explicitly instructs users not to submit personal data via the online tools; SYSTRAN disclaims liability for GDPR issues arising from user-submitted personal data on this tier.

    SYSTRAN Translate ProSMB / professional subscription translation

    data: Documents and text via SaaS

    Paid tier with its own Terms of Service page; not separately verified beyond the general privacy/security posture.

    SYSTRAN Translate Enterprise / APIEnterprise machine translation platform

    data: Enterprise content, documents, and 'Linguistic Data' (glossaries/translation memory)

    Marketing claims zero data retention and zero base-model training; ToS confirms Content deletion post-service (72-hour QA exception) but 'Linguistic Data' is retained indefinitely on the platform -- a nuance AIFOXX should surface.

    SYSTRAN Translate Server (on-premise / air-gapped)Self-hosted / regulated-industry deployment

    data: Fully within customer's own infrastructure; can run with zero internet connection

    Positioned for legal, life sciences, and defense/government customers requiring maximum data confidentiality.

    SYSTRAN Model StudioCustom MT model training/customization

    data: Customer-provided glossaries/translation memory used to fine-tune the customer's own private model

    ToS explicitly limits SYSTRAN's reuse of customer content to customizing that customer's own dedicated model, not SYSTRAN's general base models.

    SYSTRAN AnonymizerGDPR-oriented PII detection/anonymization tool

    data: Detects and redacts personal data within translated text

    Marketed as a compliance aid for customers handling sensitive/personal data through translation workflows.

    // What to watch

    • SOC 2 is NOT held by SYSTRAN -- the vendor's own FAQ frames SOC 2 as something other vendors/prospects already have and argues it is 'a baseline, not a ceiling,' which confirms SYSTRAN does not claim it. Do not list SOC 2 as a SYSTRAN certification.
    • 'HIPAA Ready' is a self-declared marketing phrase bundled visually with the genuine ISO 27001 certification under a 'Certified for compliance' banner -- risk of a listing implying HIPAA is a certification on par with ISO 27001. List separately with a caveat.
    • Retention contradiction: top-of-page marketing promises 'zero data retention,' but the Enterprise Terms of Service state 'Linguistic Data are stored on the Platform for an indefinite period of time' and allow a 72-hour retention window for QA. This should be shown to buyers, not smoothed over.
    • ISO 27001 claim is corroborated on two vendor-domain pages but could not be independently verified against a public ISO certification registry/certificate number in this pass; treat as vendor-attested until a certificate/scope document is obtained.
    • Parent company is ChapsVision (acquired SYSTRAN S.A. in Jan 2024); the corporate legal notice and privacy policy route partly through chapsvision.com. Confirmed this is the genuine SYSTRAN (machine translation, founded 1968, HQ Paris) and not a different, similarly named entity.

    // At a glance

    Pricing model

    Tiered: free web translator, paid Pro subscription, Enterprise with fixed annual pricing for translation volume, plus on-premise Server licensing.

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on SYSTRAN S.A. (SYSTRAN by ChapsVision)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    systransoft.com

    > Browse all vendor trust reports