// Trust & Security Report

    Tldx Solutions GmbH (product: tl;dv) logo

    Tldx Solutions GmbH (product: tl;dv)

    AI meeting notetaker/recorder for Zoom, Google Meet and Microsoft Teams (tl;dv), with add-on modules for CRM auto-fill, AI meeting reports/insights, and an AI-powered sales coaching platform built on the same recordings.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Trust center Compliance section lists 'SOC 2 Type II'; the Resources section lists a 'SOC 2 Type 2 Report 2026' and an 'Attestation of Engagement - Cybersecurity - TLDV 2026' (available on access request). Verified on the vendor's own trust center subdomain.

    Verify on trust.tldv.io
    GDPR (compliance posture, not a certification)
    HELD

    Trust center Compliance section lists 'GDPR'; the Resources section lists a 'Data Processing Agreement'. Reinforced by the privacy policy and EU-first hosting/subprocessor disclosures. Verified on the vendor's own trust center subdomain.

    Verify on trust.tldv.io
    > Show 7 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    Homepage marketing states 'Your data is stored securely in ISO 27001-certified data centers' and the privacy policy clarifies: 'Google and AWS data centers are certified ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 1 and 2.' This is the cloud host's (Google Cloud/AWS/Hetzner) certification, not an ISO 27001 certification held by tl;dv/Tldx Solutions GmbH itself. The trust center's own Compliance section lists only SOC 2 Type II and GDPR, not ISO 27001.

    source: tldv.io
    HIPAA
    NOT CONFIRMED

    No public evidence. HIPAA is not listed on the trust center Compliance section, the security-commitment page, or the privacy policy. No BAA or HIPAA program is referenced anywhere on the vendor's own domain.

    source: trust.tldv.io
    PCI DSS
    NOT CONFIRMED

    No public evidence of tl;dv holding its own PCI DSS attestation. The only PCI DSS reference on-domain is to the host data centers ('Google and AWS data centers are certified ISO 27001, PCI DSS Service Provider Level 1...'); payment processing is handled by the Stripe subprocessor, not tl;dv directly.

    source: tldv.io
    FedRAMP
    NOT CONFIRMED

    No public evidence. Not mentioned on the trust center, security-commitment page, or privacy policy.

    source: trust.tldv.io
    CSA STAR
    NOT CONFIRMED

    No public evidence. Not mentioned on any vendor-domain page.

    source: trust.tldv.io
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence. Not mentioned on the trust center or any vendor-domain page.

    source: trust.tldv.io
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence. Not mentioned on the trust center or any vendor-domain page.

    source: trust.tldv.io

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Primary storage/processing in the EEA (Google Cloud and Wasabi in Germany, Hetzner in Germany/Finland). Limited portions of meeting transcripts may be processed in the EU or the US depending on which AI hosting location the customer selects in account preferences.

    tl;dv states explicitly and repeatedly on its own domain that customer recordings/transcripts are never used to train AI ('Your recordings and transcripts are yours (not ours). And we'll never, ever use them to train AI. Ever.'). AI summarization is provided via Anthropic (default) or Mistral (offered as a Europe-only alternative for GDPR-sensitive customers); tl;dv says it anonymizes metadata and processes meetings in randomized, chunked segments before sending to the LLM provider. No contradiction found between the homepage claim and the privacy policy on this point.

    // Security controls

    Encryption in transit

    All connections to tl;dv are encrypted using SSL/TLS.

    tldv.io

    Encryption at rest

    Data stored using AES-256 encryption.

    tldv.io

    Infrastructure

    Hosted on Google Cloud Platform, Hetzner (dedicated servers), and Wasabi (S3-compatible storage), all located in the EU (primarily Germany).

    tldv.io

    Continuous compliance monitoring

    Uses Vanta as a subprocessor for continuous security and compliance monitoring underpinning the trust center.

    trust.tldv.io

    Access controls

    Encryption key access restricted; production database access restricted; production OS access restricted (per trust center control list).

    trust.tldv.io

    Third-party assurance

    Trust center lists a 2026 penetration test attestation and a 2026 cybersecurity attestation of engagement as available resources (gated behind an access request).

    trust.tldv.io

    // Products & data scope

    tl;dv (core recorder/notetaker)AI meeting assistant

    data: Meeting audio/video, transcripts, AI-generated summaries; free tier available.

    Records and transcribes Zoom, Google Meet, and Microsoft Teams calls; generates AI summaries and highlight clips.

    CRM & follow-up automationSales workflow add-on

    data: Derived call outcomes, action items, drafted follow-up emails written back to CRM/integrations.

    Automates CRM logging and follow-up drafting from meeting content; same data-handling posture as core product.

    AI Reports / meeting insightsAnalytics add-on

    data: Aggregated insights across multiple meetings/recordings.

    Cross-meeting trend and insight generation for teams.

    Sales coaching platformSales enablement

    data: Call recordings/transcripts used for playbook adherence scoring and rep performance analytics.

    // What to watch

    • Homepage marketing conflates the ISO 27001 certification held by tl;dv's cloud hosts (Google Cloud/AWS/Hetzner) with a certification held by tl;dv itself ('stored securely in ISO 27001-certified data centers'). The trust center's own Compliance section does not list ISO 27001 for tl;dv. Graded held=false with a host-vs-vendor caveat; listing should not present ISO 27001 as a tl;dv-held certification.
    • Third-party aggregator listings (e.g. review/vendor-risk sites, not tl;dv's own domain) surface a much longer badge list for tl;dv including PCI, HIPAA, FedRAMP, and CSA STAR 'Compliant' claims. None of these appear on tl;dv's own trust center, security page, or privacy policy, and could not be verified on a vendor-owned domain, so they were graded held=false rather than accepted from the third-party source.
    • Trust center detail pages (resources, full control list, subprocessor detail) are gated behind an access request, so the underlying SOC 2 report and pen-test attestation could not be read directly; grading relies on the trust center's summary listing plus the security-commitment page.
    • Enterprise/private-hosting tier ('privately hosted AI on request') is mentioned only in passing on the homepage; no dedicated page was found describing what changes (data residency, retention, training posture) for that tier.

    // At a glance

    Pricing model

    Freemium SaaS (free forever tier plus paid Pro/Business/Enterprise-style plans); not independently confirmed in this pass beyond the homepage's 'Free forever' CTA.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Tldx Solutions GmbH (product: tl;dv)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.tldv.io

    > Browse all vendor trust reports