// Trust & Security Report
Topaz Labs LLC
AI photo and video enhancement (upscale, denoise, sharpen, restore, frame interpolation) across desktop apps, browser/cloud web apps, and an enterprise API
Certifications held
2
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on topazlabs.com“SOC 2–compliant deployment and seamless SSO integration for secure authentication, centralized access control, and enterprise-ready governance.”
Verify on topazlabs.com“Enterprise-grade infrastructure designed for secure, compliant deployment featuring SSO-enabled authentication and GDPR-compliant workflows. The EEA section of the privacy policy names Topaz as data controller and lists data-subject rights (access, erasure, restriction, objection).”
> Show 1 unconfirmed / not-held certifications
source: trust.topazlabs.comNo ISO 27001 claim found on the Topaz Labs site, trust center, or privacy policy.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not stated
Data region
United States (HQ Dallas, TX; all listed subprocessors are US-based: AWS, Vast.ai, RunPod, Lambda Labs)
Enterprise page states: 'We never train models using customer data or content. Our training data is sourced using industry-standard practices, and we do not use licensed content without compensation.' It also offers a 'No-retention mode [that] guarantees customer data is never persisted or used for training.' Desktop apps process locally on the user device by default; web/cloud apps (Topaz Image Web, Astra) upload media to Topaz cloud subprocessors for processing.
// Security controls
Cryptography / encryption
Trust center publishes a Cryptography Policy; specific in-transit/at-rest cipher details are not stated publicly
trust.topazlabs.comSecurity program documentation
Trust center exposes policies: Secure Development, Access Control, Data Management, Asset Management, Risk Assessment, Third Party Management, Business Continuity and Disaster Recovery, Human Resource, Code of Conduct
trust.topazlabs.comSSO / access control
Enterprise tier offers SSO-enabled authentication and centralized access control
topazlabs.comNo-retention mode
Enterprise no-retention mode ensures customer data is never persisted or used for training
topazlabs.comSubprocessors
AWS, Vast.ai, RunPod, Lambda Labs (all United States, hosting/cloud compute)
trust.topazlabs.com// Products & data scope
data: Processing runs locally on the user device by default; cloud processing optional. Telemetry collected includes device info, IP, OS version, and usage data per privacy policy.
Lowest data exposure: media need not leave the machine for local models.
data: User media uploaded to Topaz cloud (US subprocessors: AWS, Vast.ai, RunPod, Lambda Labs) for processing. Subject to standard privacy policy. The full cloud lineup also includes Bloom and Mosaic alongside Topaz Image Web and Astra.
Higher data exposure than desktop: content transits and is processed in US cloud infrastructure.
data: SSO, centralized user and license management, no-retention mode so customer data is never persisted or used for training; GDPR-compliant workflows claimed.
Strongest controls. Vendor claims 'SOC 2-compliant deployment' but no third-party SOC 2 report or badge is publicly verifiable; request the report under NDA before relying on it.
data: Browser-based cloud processing of uploaded media; consumer privacy policy applies.
Consumer-grade; not covered by enterprise no-retention guarantees.
// What to watch
- SOC 2 is asserted only as a marketing phrase ('SOC 2-compliant deployment') on the enterprise page; no SOC 2 Type II report, attestation letter, or auditor badge is publicly verifiable. Treat as claimed-but-unverified, not a held certification.
- No ISO 27001, no public penetration-testing statement, and no bug-bounty / VDP program found.
- Trust center (trust.topazlabs.com) is a JavaScript-rendered portal; policy documents and any certification artifacts likely sit behind an access request / NDA gate not visible in the rendered text.
- DPA availability not confirmed on public pages (a Data Management Policy exists but a customer-signable DPA was not located).
- Data-exposure profile differs sharply by product: local desktop processing vs US-cloud web/API processing.
// At a glance
Pricing model
Per-app subscription (from ~$19/mo) and one-time desktop licenses, plus cloud credits and enterprise/API custom pricing
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Topaz Labs LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.topazlabs.com