// Trust & Security Report
TextCortex AI (Text Cortex AI UG, Berlin, Germany)
Enterprise AI agent infrastructure: AI writing assistant, browser extension, no-code Visual Agent Builder, Model Hub, Knowledge Search/Knowledge Bases, Workflow Automation, and API
Certifications held
5
Maturity
Enterprise
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on textcortex.com“Built for European data sovereignty. GDPR-compliant, ISO and SOC2 certified ... Zero data training”
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
European Union. Services and third-party AI models hosted exclusively on GDPR-compliant EU servers; any optional LLMs hosted outside the EU are covered by the EU-US Data Privacy Framework or GDPR Standard Contractual Clauses.
Multi-tier nuance. CONSUMER/DEFAULT (App, Browser Extension, API): TextCortex states it 'may utilize data provided through its App, Browser Extension, or API to enhance and refine its AI models'; users can opt out via a form, after which new interactions are not used for training. KNOWLEDGE BASE documents are NOT used for model retraining by default and are processed only by TextCortex. ENTERPRISE: marketed as a strict no-data-collection / 'Zero data training' posture, i.e. enterprise data is not collected, stored, or used to train models. NOTE a tension between the marketing line 'Your data stays private and is never used for training' and the documented consumer default of opt-out training; the strongest no-training guarantee applies to Enterprise and to Knowledge Base content, not necessarily to default consumer/API usage.
// Security controls
Trust center / continuous monitoring
TrustShare (TrustCloud) real-time trust portal with 18 published policies and 174 continuously monitored controls
trust.textcortex.comEncryption
Encryption Policy published; controls include 'Data in transit encryption' and 'Data store encryption' (at rest); specific cipher/TLS versions not publicly stated
trust.textcortex.comVulnerability management
Vulnerability Management Policy published; controls include 'Common web vulnerabilities' and 'Dependency vulnerability monitoring'
trust.textcortex.comPenetration testing
Not explicitly published on the public trust page; typically expected under SOC 2 Type II / ISO 27001 but unverified from vendor's own statements
trust.textcortex.comBug bounty program
No HackerOne or Bugcrowd program found; none advertised on vendor site or trust center
trust.textcortex.comAccess control & logging
Access Control, Authentication/Password policies; controls for centralized logging, audit logging, automatic account lockout, background checks
trust.textcortex.comSubprocessors
7 disclosed: Azure, Google Cloud, Hetzner, Customer.io, Stripe, Ybug, Zendesk
trust.textcortex.com// Products & data scope
data: User prompts/interactions across 30,000+ apps via browser extension; by default may be used to refine models unless user opts out
Free and paid individual/team tiers; opt-out of training available via form
data: Programmatic data submission; default policy mirrors consumer (may be used for model improvement unless opted out)
Same opt-out mechanism applies
data: Uploaded documents stored securely, processed only by TextCortex, NOT used for model retraining by default; persist only while in the knowledge base
No third-party involvement in processing of knowledge base docs
data: Strict no-data-collection posture; enterprise data not collected, stored, or used for training ('Zero data training'); EU hosting; DPA available
Slack/Teams integration, scheduled automations, model-agnostic hub; target of SOC 2 / ISO 27001 program
// What to watch
- Marketing copy ('Your data stays private and is never used for training') conflicts with the documented consumer/API default that data MAY be used to train models unless the user opts out; the strongest no-training guarantee is scoped to Enterprise and Knowledge Base data.
- trains_on_customer_data set to true reflects the CONSUMER/API default (opt-out model); Enterprise tier is effectively no-training.
- Penetration testing and bug bounty not explicitly confirmed on vendor's public pages; certification detail documents (SOC 2 / ISO reports) are gated behind 'Request Access'.
- Legal entity is a small German company (Text Cortex AI UG (haftungsbeschränkt), HRB 233350 B, Berlin, founded 2021). Company size is relevant only to vendor-viability/financial-backing diligence; it is not a security negative. For its size the compliance posture is unusually strong and independently attested: SOC 2 Type I and Type II plus ISO 27001, all surfaced on a live continuously-monitored trust portal.
// At a glance
Pricing model
Freemium plus paid individual/team subscriptions; custom Enterprise pricing (demo-led)
Self-hostable
Not stated
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on TextCortex AI (Text Cortex AI UG, Berlin, Germany)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.textcortex.com