// Trust & Security Report
Tldx Solutions GmbH (product: tl;dv)
AI meeting notetaker/recorder for Zoom, Google Meet and Microsoft Teams (tl;dv), with add-on modules for CRM auto-fill, AI meeting reports/insights, and an AI-powered sales coaching platform built on the same recordings.
Certifications held
2
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.tldv.io“Trust center Compliance section lists 'SOC 2 Type II'; the Resources section lists a 'SOC 2 Type 2 Report 2026' and an 'Attestation of Engagement - Cybersecurity - TLDV 2026' (available on access request). Verified on the vendor's own trust center subdomain.”
Verify on trust.tldv.io“Trust center Compliance section lists 'GDPR'; the Resources section lists a 'Data Processing Agreement'. Reinforced by the privacy policy and EU-first hosting/subprocessor disclosures. Verified on the vendor's own trust center subdomain.”
> Show 7 unconfirmed / not-held certifications
source: tldv.ioHomepage marketing states 'Your data is stored securely in ISO 27001-certified data centers' and the privacy policy clarifies: 'Google and AWS data centers are certified ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 1 and 2.' This is the cloud host's (Google Cloud/AWS/Hetzner) certification, not an ISO 27001 certification held by tl;dv/Tldx Solutions GmbH itself. The trust center's own Compliance section lists only SOC 2 Type II and GDPR, not ISO 27001.
source: trust.tldv.ioNo public evidence. HIPAA is not listed on the trust center Compliance section, the security-commitment page, or the privacy policy. No BAA or HIPAA program is referenced anywhere on the vendor's own domain.
source: tldv.ioNo public evidence of tl;dv holding its own PCI DSS attestation. The only PCI DSS reference on-domain is to the host data centers ('Google and AWS data centers are certified ISO 27001, PCI DSS Service Provider Level 1...'); payment processing is handled by the Stripe subprocessor, not tl;dv directly.
source: trust.tldv.ioNo public evidence. Not mentioned on the trust center, security-commitment page, or privacy policy.
source: trust.tldv.ioNo public evidence. Not mentioned on any vendor-domain page.
source: trust.tldv.ioNo public evidence. Not mentioned on the trust center or any vendor-domain page.
source: trust.tldv.ioNo public evidence. Not mentioned on the trust center or any vendor-domain page.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Primary storage/processing in the EEA (Google Cloud and Wasabi in Germany, Hetzner in Germany/Finland). Limited portions of meeting transcripts may be processed in the EU or the US depending on which AI hosting location the customer selects in account preferences.
tl;dv states explicitly and repeatedly on its own domain that customer recordings/transcripts are never used to train AI ('Your recordings and transcripts are yours (not ours). And we'll never, ever use them to train AI. Ever.'). AI summarization is provided via Anthropic (default) or Mistral (offered as a Europe-only alternative for GDPR-sensitive customers); tl;dv says it anonymizes metadata and processes meetings in randomized, chunked segments before sending to the LLM provider. No contradiction found between the homepage claim and the privacy policy on this point.
// Security controls
Infrastructure
Hosted on Google Cloud Platform, Hetzner (dedicated servers), and Wasabi (S3-compatible storage), all located in the EU (primarily Germany).
tldv.ioContinuous compliance monitoring
Uses Vanta as a subprocessor for continuous security and compliance monitoring underpinning the trust center.
trust.tldv.ioAccess controls
Encryption key access restricted; production database access restricted; production OS access restricted (per trust center control list).
trust.tldv.ioThird-party assurance
Trust center lists a 2026 penetration test attestation and a 2026 cybersecurity attestation of engagement as available resources (gated behind an access request).
trust.tldv.io// Products & data scope
data: Meeting audio/video, transcripts, AI-generated summaries; free tier available.
Records and transcribes Zoom, Google Meet, and Microsoft Teams calls; generates AI summaries and highlight clips.
data: Derived call outcomes, action items, drafted follow-up emails written back to CRM/integrations.
Automates CRM logging and follow-up drafting from meeting content; same data-handling posture as core product.
data: Aggregated insights across multiple meetings/recordings.
Cross-meeting trend and insight generation for teams.
data: Call recordings/transcripts used for playbook adherence scoring and rep performance analytics.
// What to watch
- Homepage marketing conflates the ISO 27001 certification held by tl;dv's cloud hosts (Google Cloud/AWS/Hetzner) with a certification held by tl;dv itself ('stored securely in ISO 27001-certified data centers'). The trust center's own Compliance section does not list ISO 27001 for tl;dv. Graded held=false with a host-vs-vendor caveat; listing should not present ISO 27001 as a tl;dv-held certification.
- Third-party aggregator listings (e.g. review/vendor-risk sites, not tl;dv's own domain) surface a much longer badge list for tl;dv including PCI, HIPAA, FedRAMP, and CSA STAR 'Compliant' claims. None of these appear on tl;dv's own trust center, security page, or privacy policy, and could not be verified on a vendor-owned domain, so they were graded held=false rather than accepted from the third-party source.
- Trust center detail pages (resources, full control list, subprocessor detail) are gated behind an access request, so the underlying SOC 2 report and pen-test attestation could not be read directly; grading relies on the trust center's summary listing plus the security-commitment page.
- Enterprise/private-hosting tier ('privately hosted AI on request') is mentioned only in passing on the homepage; no dedicated page was found describing what changes (data residency, retention, training posture) for that tier.
// At a glance
Pricing model
Freemium SaaS (free forever tier plus paid Pro/Business/Enterprise-style plans); not independently confirmed in this pass beyond the homepage's 'Free forever' CTA.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Tldx Solutions GmbH (product: tl;dv)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.tldv.io