// Trust & Security Report

    TextCortex AI (Text Cortex AI UG, Berlin, Germany) logo

    TextCortex AI (Text Cortex AI UG, Berlin, Germany)

    Enterprise AI agent infrastructure: AI writing assistant, browser extension, no-code Visual Agent Builder, Model Hub, Knowledge Search/Knowledge Bases, Workflow Automation, and API

    Certifications held

    5

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Certifications ... SOC 2 Type II · 1

    Verify on trust.textcortex.com
    SOC 2 Type I
    HELD

    Certifications ... SOC 2 Type I · 1

    Verify on trust.textcortex.com
    ISO 27001
    HELD

    Certifications ... ISO 27001 · 1

    Verify on trust.textcortex.com
    GDPR
    HELD

    Built for European data sovereignty. GDPR-compliant, ISO and SOC2 certified ... Zero data training

    Verify on textcortex.com
    HIPAA
    HELD

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    European Union. Services and third-party AI models hosted exclusively on GDPR-compliant EU servers; any optional LLMs hosted outside the EU are covered by the EU-US Data Privacy Framework or GDPR Standard Contractual Clauses.

    Multi-tier nuance. CONSUMER/DEFAULT (App, Browser Extension, API): TextCortex states it 'may utilize data provided through its App, Browser Extension, or API to enhance and refine its AI models'; users can opt out via a form, after which new interactions are not used for training. KNOWLEDGE BASE documents are NOT used for model retraining by default and are processed only by TextCortex. ENTERPRISE: marketed as a strict no-data-collection / 'Zero data training' posture, i.e. enterprise data is not collected, stored, or used to train models. NOTE a tension between the marketing line 'Your data stays private and is never used for training' and the documented consumer default of opt-out training; the strongest no-training guarantee applies to Enterprise and to Knowledge Base content, not necessarily to default consumer/API usage.

    // Security controls

    Trust center / continuous monitoring

    TrustShare (TrustCloud) real-time trust portal with 18 published policies and 174 continuously monitored controls

    trust.textcortex.com

    Encryption

    Encryption Policy published; controls include 'Data in transit encryption' and 'Data store encryption' (at rest); specific cipher/TLS versions not publicly stated

    trust.textcortex.com

    Vulnerability management

    Vulnerability Management Policy published; controls include 'Common web vulnerabilities' and 'Dependency vulnerability monitoring'

    trust.textcortex.com

    Penetration testing

    Not explicitly published on the public trust page; typically expected under SOC 2 Type II / ISO 27001 but unverified from vendor's own statements

    trust.textcortex.com

    Bug bounty program

    No HackerOne or Bugcrowd program found; none advertised on vendor site or trust center

    trust.textcortex.com

    Access control & logging

    Access Control, Authentication/Password policies; controls for centralized logging, audit logging, automatic account lockout, background checks

    trust.textcortex.com

    Subprocessors

    7 disclosed: Azure, Google Cloud, Hetzner, Customer.io, Stripe, Ybug, Zendesk

    trust.textcortex.com

    Status page

    Public status page linked from site footer

    textcortex.com

    // Products & data scope

    TextCortex Web App + Browser ExtensionAI writing/assistant (consumer & team)

    data: User prompts/interactions across 30,000+ apps via browser extension; by default may be used to refine models unless user opts out

    Free and paid individual/team tiers; opt-out of training available via form

    APIDeveloper API

    data: Programmatic data submission; default policy mirrors consumer (may be used for model improvement unless opted out)

    Same opt-out mechanism applies

    Knowledge Bases / Knowledge SearchRAG over internal company docs

    data: Uploaded documents stored securely, processed only by TextCortex, NOT used for model retraining by default; persist only while in the knowledge base

    No third-party involvement in processing of knowledge base docs

    Enterprise / Agent Infrastructure (Visual Agent Builder, Workflow Automation, Model Hub)Enterprise AI agent platform & governance

    data: Strict no-data-collection posture; enterprise data not collected, stored, or used for training ('Zero data training'); EU hosting; DPA available

    Slack/Teams integration, scheduled automations, model-agnostic hub; target of SOC 2 / ISO 27001 program

    // What to watch

    • Marketing copy ('Your data stays private and is never used for training') conflicts with the documented consumer/API default that data MAY be used to train models unless the user opts out; the strongest no-training guarantee is scoped to Enterprise and Knowledge Base data.
    • trains_on_customer_data set to true reflects the CONSUMER/API default (opt-out model); Enterprise tier is effectively no-training.
    • Penetration testing and bug bounty not explicitly confirmed on vendor's public pages; certification detail documents (SOC 2 / ISO reports) are gated behind 'Request Access'.
    • Legal entity is a small German company (Text Cortex AI UG (haftungsbeschränkt), HRB 233350 B, Berlin, founded 2021). Company size is relevant only to vendor-viability/financial-backing diligence; it is not a security negative. For its size the compliance posture is unusually strong and independently attested: SOC 2 Type I and Type II plus ISO 27001, all surfaced on a live continuously-monitored trust portal.

    // At a glance

    Pricing model

    Freemium plus paid individual/team subscriptions; custom Enterprise pricing (demo-led)

    Self-hostable

    Not stated

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on TextCortex AI (Text Cortex AI UG, Berlin, Germany)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.textcortex.com

    > Browse all vendor trust reports