// Trust & Security Report

    Topaz Labs LLC logo

    Topaz Labs LLC

    Topaz Labs AI media enhancement suite (Topaz Video, Photo, Gigapixel, Studio, plus cloud/web apps and Enterprise/API)

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    Satisfy strict security standards with SOC 2-compliant deployment and seamless SSO integration

    Verify on topazlabs.com
    GDPR (compliance posture, not a certification)
    HELD

    Topaz located at 15 Dallas Parkway, Suite 900, Dallas, TX 75254, acts as the data controller for the personal information we process in connection with the use of the Software by users in the EEA... Pursuant to GDPR, we will use your personal information in one or more of the following circumstances

    Verify on topazlabs.com
    > Show 1 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED
    source: trust.topazlabs.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not stated

    Data region

    United States (cloud rendering). Local/desktop rendering is on-device, so no data leaves the user's computer. Data controller entity is US-based (Dallas, TX); acts as controller for EEA users.

    Vendor states explicitly it does not train models on customer content. Enterprise page: 'We never train models using customer data or content.' and 'No-retention mode guarantees customer data is never persisted or used for training.' Consumer privacy policy notes that media submitted for enhancement may be cached/stored only as needed to provide the service, not for training. Desktop local rendering keeps files entirely on the user's machine ('Your files never leave your computer with local rendering').

    // Security controls

    Trust Center (SafeBase)

    Public trust center at trust.topazlabs.com publishing security policies (Cryptography, Secure Development, Access Control, Data Management, Asset Management, Risk Assessment, Third Party Management, Human Resource, Code of Conduct) and a Business Continuity / Disaster Recovery Plan

    trust.topazlabs.com

    Subprocessors (disclosed)

    AWS, Vast.ai, RunPod, Lambda Labs - all listed as US-based hosting/compute providers

    trust.topazlabs.com

    Local (on-device) processing

    Desktop app supports unlimited local rendering where files never leave the user's computer; positioned for confidential/proprietary footage

    topazlabs.com

    SSO

    Enterprise tier offers SSO-enabled authentication and centralized access control

    topazlabs.com

    No-retention mode (enterprise)

    Enterprise no-retention mode guarantees customer data is never persisted or used for training

    topazlabs.com

    Penetration testing

    not verified - no public statement found on vendor domain

    trust.topazlabs.com

    Bug bounty

    not verified - no HackerOne/Bugcrowd or self-managed program found on vendor domain

    trust.topazlabs.com

    // Products & data scope

    Topaz Video (desktop)AI video enhancement / upscaling (Mac, Windows; standalone or plugin for After Effects, DaVinci Resolve, Premiere)

    data: Local rendering: files stay on-device, nothing uploaded. Optional cloud rendering uses Cloud Credits and processes in US cloud.

    Consumer/prosumer subscription. Local mode is the privacy-strong path for confidential footage.

    Topaz StudioBundled suite (Video, Photo, Gigapixel, cloud image apps)

    data: Same split: unlimited local rendering plus monthly cloud credits for US-based cloud processing.

    Higher-tier consumer subscription; adds cloud image rendering.

    Enterprise / APIEnterprise media enhancement deployment and API

    data: No-retention mode (data never persisted or used for training); SSO; GDPR-compliant workflows; optional custom Docker container for high-security/high-volume (on-prem capable).

    Where the SOC 2-compliant deployment, SSO and GDPR claims apply. Distinct, higher-assurance scope vs consumer apps.

    Web Tools / Cloud Apps (Image Web, Astra, Bloom, Mosaic, etc.)Browser-based AI image/video tools

    data: Cloud processing in US; uploads handled per the consumer privacy policy (cached/stored only as needed to provide service, not for training).

    Browser tools inherently upload content; no local-only option for these.

    // What to watch

    • SOC 2 is described as 'SOC 2-compliant deployment' on the enterprise page but no SOC 2 Type II report, audit date, or badge is published on the trust center - treat as an unverified marketing claim, not a confirmed certification.
    • No public penetration test attestation or bug bounty program (HackerOne/Bugcrowd) found on the vendor domain.
    • Trust center lists strong policy documentation but does not surface any third-party certification badges in captured content.
    • Consumer privacy policy permits caching/storing submitted media as needed to provide the service; the strongest no-retention guarantee is scoped to the Enterprise tier only.
    • No explicit DPA availability statement located (enterprise@topazlabs.com is the contact for trust/DPA requests).

    // At a glance

    Pricing model

    Subscription. Personal $59/mo, Topaz Studio $69/mo (annual tiers); cloud credits included monthly; Enterprise/API custom pricing.

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Topaz Labs LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.topazlabs.com

    > Browse all vendor trust reports