// Trust & Security Report
Talkdesk, Inc.
Talkdesk CX Cloud - an enterprise contact-center-as-a-service (CCaaS) platform with AI agent products (Autopilot, Copilot, Navigator, Identity, Agentic Outbound) plus a FedRAMP-authorized Government Edition and industry-specific editions (e.g. Healthcare Experience Cloud).
Certifications held
14
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on talkdesk.com“Talkdesk is pleased to announce our newest security certification: SOC2 Type II.”
Verify on talkdesk.com“Talkdesk provides a better way to trust with more than 30 security certifications (including BSI C5, SOC 2 and 3, ISO 27001, PCI DSS Level 1, HIPAA, GDPR...)”
Verify on talkdesk.com“Talkdesk provides a better way to trust with more than 30 security certifications (including BSI C5, SOC 2 and 3, ISO 27001, PCI DSS Level 1, HIPAA, GDPR, and the industry's only ISO 22301 Business Continuity certification, and ISO/IEC 42001 for AI governance).”
Verify on talkdesk.com“Talkdesk® is the first CCaaS provider to achieve the ISO 27701:2019 certification, the privacy extension of ISO 27001.”
Verify on talkdesk.com“Talkdesk is the first and only cloud contact center platform to receive the ISO 22301 certification for Business Continuity Management.”
Verify on talkdesk.com“Talkdesk earns ISO/IEC 42001 certification, the global standard for responsible AI... Securing ISO 42001 certification isn't just about meeting a regulatory bar; it's about giving our customers the trust they need to move AI from experimentation into full-scale production.”
Verify on talkdesk.com“Certification logos for ISO 27017 and ISO 27018 are displayed on Talkdesk's Security Certifications & Standards page alongside ISO 27001, ISO 22301, ISO 27701 and ISO 42001; no further descriptive text accompanies the logos on that page.”
Verify on talkdesk.com“...PCI DSS Level 1... Secure Payments: A PCI-DSS Level 1 compliant solution that provides a secure and compliant means of processing sensitive credit card data.”
Verify on talkdesk.com“Talkdesk provides a better way to trust with more than 30 security certifications (including BSI C5, SOC 2 and 3, ISO 27001, PCI DSS Level 1, HIPAA, GDPR, and the industry's only ISO 22301 Business Continuity certification, and ISO/IEC 42001 for AI governance). HIPAA is listed among the vendor's security certifications on this page; the separately-marketed HIPAA-compliant Healthcare Experience Cloud edition and BAA availability are described on Talkdesk's healthcare pages, not on this cited source.”
Verify on talkdesk.com“To the extent Talkdesk processes any personal data from the European Economic Area, the United Kingdom or Switzerland, the Standard Contractual Clauses, as set forth in the Data Processing Agreement ("SCCs"), apply.”
Verify on talkdesk.com“Talkdesk achieves full FedRAMP authorization for CX Cloud Government Edition.”
Verify on talkdesk.com“Talkdesk Inc. is listed on the Cloud Security Alliance STAR Registry, and a CSA STAR certification logo is displayed on Talkdesk's Security Certifications & Standards page.”
Verify on talkdesk.com“Talkdesk clears regulatory path for German enterprises with BSI C5 certification.”
Verify on talkdesk.com“Talkdesk is certified under the Asia-Pacific Economic Cooperation Privacy Recognition for Processors System and is bound by a legally enforceable set of obligations to provide comparable protection to the applicable Data Protection Law of the Countries participants in the APEC Cross-Border Privacy Rules (CBPR) System.”
> Show 1 unconfirmed / not-held certifications
source: talkdesk.comA Data Privacy Framework certification logo is displayed on Talkdesk's certifications page, but no independent Data Privacy Framework (DPF) program listing for Talkdesk was located to corroborate current self-certification status; treated as unconfirmed rather than fabricated.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
Customer-selectable regional cloud deployment; privacy notice states 'the customer has other processing facilities in different regions (such as Europe, Canada, Australia and the United Kingdom) to choose from,' in addition to the US.
The privacy notice states Talkdesk 'does not use or process personal data for purposes other than those for which the data were collected, does not sell personal information' and that Talkdesk 'may use Artificial Intelligence (AI) systems to process personal data at customers' request' within 'the legal safeguards defined by the EU AI Act and the GDPR.' This is a general processing-purpose limitation, not an explicit, unambiguous statement of whether customer interaction data is used to train underlying AI/ML models across customers, and no dedicated AI-training opt-out toggle was found on the public site. Recommend the vendor confirm explicitly (per-tier) before AIFOXX asserts a training posture.
// Security controls
Encryption in transit
Not independently quoted from a vendor page in this pass; Talkdesk's Security & Compliance and Infrastructure Security pages describe encrypted communications as part of its ISO 27001-aligned ISMS, but a verbatim in-transit-specific sentence was not captured. Treat as unconfirmed detail rather than fabricated.
talkdesk.comBusiness continuity
ISO 22301 certified for Business Continuity Management, described by Talkdesk as unique among cloud contact center platforms.
talkdesk.comPayment data handling
PCI DSS Level 1 compliant Secure Payments product for processing sensitive credit card data without exposing it to agents.
talkdesk.comCompliance monitoring
Talkdesk Guardian is described as an AI-driven cloud compliance solution to mitigate insider-threat and negligence risk across distributed workforces.
talkdesk.comManagement systems
Talkdesk states it has implemented an Information Security and Privacy Information Management System (ISMS and PIMS) and a Business Continuity Management System (BCMS), including audit logging and third-party due diligence.
support.talkdesk.com// Products & data scope
data: Customer PII, call/chat/SMS interaction content and metadata, payment data (via Secure Payments), CRM integration data.
Core commercial product covered by SOC 2 Type II, ISO 27001/27017/27018/27701/22301, PCI DSS Level 1, HIPAA (with BAA), and GDPR-oriented DPA/SCCs.
data: Same interaction data as commercial edition, deployed in a US-government-authorized environment.
Fully FedRAMP-authorized as of June 2025 (progressed from FedRAMP In Process in Aug 2023 to Agency ATO in Feb 2025 to full authorization). FedRAMP applies only to this Government Edition, not automatically to the commercial CX Cloud SKU.
data: Protected Health Information (PHI), patient interaction data, EHR-integrated data (HL7 FHIR).
Marketed as HIPAA-compliant with BAA availability for healthcare covered entities/business associates.
data: Voice/chat transcripts, customer intents, enterprise knowledge base content used for grounding.
Covered by the newer ISO/IEC 42001 AI governance certification (Jan 2026); explicit per-product AI-training-on-customer-data disclosure was not found on the public site.
// What to watch
- The vendor's Security Certifications & Standards page displays certification logos with no accompanying descriptive text for most of them (SOC 2/3, ISO 27017, ISO 27018, ISO 27001, CSA STAR, Cyber Essentials, NIST, Data Privacy Framework); several of these were corroborated with a second, text-based vendor source (blog/press release), but ISO 27017, ISO 27018, CSA STAR, and the Data Privacy Framework mark rely on the logo page alone or a directory listing rather than a dedicated vendor statement, so those are weaker-confidence proofs than the SOC 2/ISO 27001/ISO 27701/ISO 22301/ISO 42001/PCI DSS/HIPAA/FedRAMP items, which each have a dedicated vendor blog or press release.
- FedRAMP authorization applies specifically to the CX Cloud Government Edition SKU, not automatically to the standard commercial CX Cloud product; listing FedRAMP without that scope note would be an over-claim.
- No explicit, unambiguous vendor statement was found confirming or denying that customer interaction data is used to train Talkdesk's underlying AI models across customers, or describing a per-tier AI-training opt-out; the privacy notice's language about AI processing 'at customers' request' under GDPR/EU AI Act safeguards is suggestive but not a clear training-data policy statement.
- A publicly reported class-action allegation (re: Patagonia's use of Talkdesk) claims conversations were recorded/used without adequate disclosure; this is a third-party litigation claim, not vendor-domain evidence, so it is not scored as a cert/finding but is noted for awareness and should not be presented on the listing without independent verification.
// At a glance
Pricing model
Custom enterprise quote-based pricing (per-agent/per-user licensing), not self-serve; third-party estimates cite figures like ~$85/user/month as a starting point, not confirmed on a vendor pricing page in this pass.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Talkdesk, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
talkdesk.com