// Trust & Security Report
Tandem Software LLC
Tandem (tandem.chat) is a virtual-office / video-conferencing app for remote and hybrid teams (instant video calls, screensharing, virtual rooms, meeting widgets, 200+ integrations). Single product with tiered team-size pricing (Free, Small Teams, Medium Teams, Large Teams); no separate enterprise/API/AI product line found. Not to be confused with other companies also named 'Tandem': Tandem LLC / tandem.app (InfoSec compliance software, has its own real SOC 2 Type II), Tandem AI / usetandem.ai (AI workspace platform), Tandem Health (trust.tandemhealth.ai), or the Tandem language-learning app (tandem.net) — none of those entities' certifications apply to this vendor.
Certifications held
0
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: tandemchat.notion.site"Tandem fully complies with SOC2 standard for data security... We conduct periodic reviews of our security with our cloud partner 66degrees.com" — self-declared on a Notion page linked from the site footer as "GDPR/SOC2". No auditor name, audit period, Type I/II designation, Trust Services Criteria scope, or downloadable report is provided anywhere on the vendor's domain. This is a self-attestation, not an independently verified certification.
source: tandem.chatNo public evidence. Not mentioned on the privacy policy, terms of service, pricing page, or GDPR/SOC2 compliance page.
source: tandem.chatNo public evidence. No HIPAA, BAA, or healthcare-data language anywhere on the vendor's site.
source: tandemchat.notion.site"Tandem is committed to and is fully compliant with this data protection regulation... users from each region in the world, eg Europe, are routed to the local cluster (eg Europe West) that is fully contained with respect to routing, data storage." This directly contradicts the vendor's own Privacy Policy, which states: "Tandem transfers, processes and stores data about you on servers operated by our hosting provider located in the United States of America." No DPA document, SCC reference, or list of sub-processors is published; enterprise inquiries are directed to an email address instead. Graded held=false because the compliance claim is self-declared and internally inconsistent, not because GDPR is a certifiable standard.
source: tandemchat.notion.site"Payments made in the local cluster are stored in 3rd party PCI compliant servers and are not stored locally." This describes the PCI compliance of a third-party payment processor, not a PCI attestation held by Tandem Software LLC itself.
source: tandem.chatNo public evidence found on any vendor-domain page.
source: tandem.chatNo public evidence. Product has no described AI/LLM feature set, and no AI-governance certification is mentioned anywhere on the vendor's site.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Per the Privacy Policy, customer data is stored on servers operated by the vendor's hosting provider 'located in the United States of America.' The separate GDPR/SOC2 page instead claims users are routed to regional 'local clusters' (e.g. 'Europe West') hosted on Google Cloud Platform, contradicting the single-region (US) statement in the Privacy Policy. This inconsistency is unresolved as of this review.
Tandem.chat is a video conferencing / virtual-office product, not an AI or LLM tool. No AI-training language, model-training clause, or opt-out mechanism appears anywhere in the Privacy Policy, Terms of Service, or GDPR/SOC2 page, and no AI feature is described on the site, so this field is not applicable/unknown rather than a confirmed 'no'.
// Security controls
Encryption in transit / at rest
Not specified with technical detail. Privacy Policy only states generic 'commercially acceptable means of protecting it' and explicitly disclaims that 'no method of transmission over the internet, or method of electronic storage is 100% secure.' No TLS version or at-rest encryption algorithm (e.g. AES-256) is stated.
tandem.chatHosting infrastructure
GDPR/SOC2 page states service clusters run on Google Cloud Platform with 'continuous monitoring.' This is inconsistent with the Privacy Policy's separate statement that data is stored with a US-based hosting provider without naming GCP.
tandemchat.notion.siteData retention / deletion
Customer data (names, profile photos, email addresses, recordings/transcriptions) is stated to be automatically purged once a customer unsubscribes; users can email gdpr@tandem.chat for deletion confirmation.
tandemchat.notion.siteIndependent security review
Vendor states it conducts 'periodic reviews of our security with our cloud partner 66degrees.com' — a cloud consulting partner, not an independent audit firm, and no report is published.
tandemchat.notion.siteAccount security
Privacy Policy 'encourages' but does not require two-factor authentication; no SSO/SAML is mentioned on the pricing or product pages for any tier.
tandem.chat// Products & data scope
data: Names, email addresses, optional profile photos, meeting/call metadata, chat messages and timestamps, log data (IP, browser, device info); audio/video call content is stated as not recorded or stored by default.
// What to watch
- Over-claim: vendor's footer link is literally labeled 'GDPR/SOC2' and the linked page states Tandem 'fully complies with SOC2 standard for data security,' but no auditor, report, audit period, or Type I/II designation is provided anywhere — this reads as a compliance claim without a backing audit and should not be displayed as a verified SOC 2 badge.
- Contradiction: Privacy Policy states data is stored only on US servers, while the GDPR page claims regional EU/US data clusters for GDPR purposes. Not resolved as of last_verified.
- Identity risk: the name 'Tandem' is shared by at least four unrelated companies with real, verifiable certifications (Tandem LLC/tandem.app has an actual audited SOC 2 Type II from Sensiba LLP; Tandem AI/usetandem.ai claims its own SOC 2 Type 2). Web searches for 'Tandem SOC2' surface those unrelated companies' evidence prominently — none of it belongs to Tandem Software LLC (tandem.chat) and none was used in this assessment.
- No independent trust center (SafeBase/Vanta/Drata/etc.); the only compliance documentation is a single self-authored Notion page.
- No DPA document or sub-processor list is published; prospective enterprise customers must email the vendor to request this information.
// At a glance
Pricing model
Per-team flat-rate SaaS subscription, tiered by member count (Free up to 4 members; $59-449/mo paid tiers up to unlimited members), monthly or annual billing.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Tandem Software LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
tandem.chat