// Trust & Security Report

    Topaz Labs LLC logo

    Topaz Labs LLC

    AI photo and video enhancement (upscale, denoise, sharpen, restore, frame interpolation) across desktop apps, browser/cloud web apps, and an enterprise API

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    SOC 2–compliant deployment and seamless SSO integration for secure authentication, centralized access control, and enterprise-ready governance.

    Verify on topazlabs.com
    GDPR posture
    HELD

    Enterprise-grade infrastructure designed for secure, compliant deployment featuring SSO-enabled authentication and GDPR-compliant workflows. The EEA section of the privacy policy names Topaz as data controller and lists data-subject rights (access, erasure, restriction, objection).

    Verify on topazlabs.com
    > Show 1 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No ISO 27001 claim found on the Topaz Labs site, trust center, or privacy policy.

    source: trust.topazlabs.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not stated

    Data region

    United States (HQ Dallas, TX; all listed subprocessors are US-based: AWS, Vast.ai, RunPod, Lambda Labs)

    Enterprise page states: 'We never train models using customer data or content. Our training data is sourced using industry-standard practices, and we do not use licensed content without compensation.' It also offers a 'No-retention mode [that] guarantees customer data is never persisted or used for training.' Desktop apps process locally on the user device by default; web/cloud apps (Topaz Image Web, Astra) upload media to Topaz cloud subprocessors for processing.

    // Security controls

    Cryptography / encryption

    Trust center publishes a Cryptography Policy; specific in-transit/at-rest cipher details are not stated publicly

    trust.topazlabs.com

    Security program documentation

    Trust center exposes policies: Secure Development, Access Control, Data Management, Asset Management, Risk Assessment, Third Party Management, Business Continuity and Disaster Recovery, Human Resource, Code of Conduct

    trust.topazlabs.com

    SSO / access control

    Enterprise tier offers SSO-enabled authentication and centralized access control

    topazlabs.com

    No-retention mode

    Enterprise no-retention mode ensures customer data is never persisted or used for training

    topazlabs.com

    Subprocessors

    AWS, Vast.ai, RunPod, Lambda Labs (all United States, hosting/cloud compute)

    trust.topazlabs.com

    Penetration testing

    not verified (no public statement found)

    trust.topazlabs.com

    Bug bounty

    not verified (no HackerOne/Bugcrowd or public VDP found)

    trust.topazlabs.com

    // Products & data scope

    Desktop apps (Topaz Photo, Topaz Video, Gigapixel, Topaz Studio)Local AI media enhancement

    data: Processing runs locally on the user device by default; cloud processing optional. Telemetry collected includes device info, IP, OS version, and usage data per privacy policy.

    Lowest data exposure: media need not leave the machine for local models.

    Web / cloud apps (Topaz Image Web, Astra, Bloom, Mosaic, Adobe Premiere Panel, Gigapixel iOS)Cloud AI media enhancement

    data: User media uploaded to Topaz cloud (US subprocessors: AWS, Vast.ai, RunPod, Lambda Labs) for processing. Subject to standard privacy policy. The full cloud lineup also includes Bloom and Mosaic alongside Topaz Image Web and Astra.

    Higher data exposure than desktop: content transits and is processed in US cloud infrastructure.

    Enterprise / API / Studio ProEnterprise media enhancement

    data: SSO, centralized user and license management, no-retention mode so customer data is never persisted or used for training; GDPR-compliant workflows claimed.

    Strongest controls. Vendor claims 'SOC 2-compliant deployment' but no third-party SOC 2 report or badge is publicly verifiable; request the report under NDA before relying on it.

    Free web tools (Video/Image upscalers, background remover, etc.)Consumer free tools

    data: Browser-based cloud processing of uploaded media; consumer privacy policy applies.

    Consumer-grade; not covered by enterprise no-retention guarantees.

    // What to watch

    • SOC 2 is asserted only as a marketing phrase ('SOC 2-compliant deployment') on the enterprise page; no SOC 2 Type II report, attestation letter, or auditor badge is publicly verifiable. Treat as claimed-but-unverified, not a held certification.
    • No ISO 27001, no public penetration-testing statement, and no bug-bounty / VDP program found.
    • Trust center (trust.topazlabs.com) is a JavaScript-rendered portal; policy documents and any certification artifacts likely sit behind an access request / NDA gate not visible in the rendered text.
    • DPA availability not confirmed on public pages (a Data Management Policy exists but a customer-signable DPA was not located).
    • Data-exposure profile differs sharply by product: local desktop processing vs US-cloud web/API processing.

    // At a glance

    Pricing model

    Per-app subscription (from ~$19/mo) and one-time desktop licenses, plus cloud credits and enterprise/API custom pricing

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Topaz Labs LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.topazlabs.com

    > Browse all vendor trust reports