// Trust & Security Report
Topaz Labs LLC
Topaz Labs AI media enhancement suite (Topaz Video, Photo, Gigapixel, Studio, plus cloud/web apps and Enterprise/API)
Certifications held
3
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on topazlabs.com“Satisfy strict security standards with SOC 2-compliant deployment and seamless SSO integration”
Verify on topazlabs.com“Topaz located at 15 Dallas Parkway, Suite 900, Dallas, TX 75254, acts as the data controller for the personal information we process in connection with the use of the Software by users in the EEA... Pursuant to GDPR, we will use your personal information in one or more of the following circumstances”
> Show 1 unconfirmed / not-held certifications
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not stated
Data region
United States (cloud rendering). Local/desktop rendering is on-device, so no data leaves the user's computer. Data controller entity is US-based (Dallas, TX); acts as controller for EEA users.
Vendor states explicitly it does not train models on customer content. Enterprise page: 'We never train models using customer data or content.' and 'No-retention mode guarantees customer data is never persisted or used for training.' Consumer privacy policy notes that media submitted for enhancement may be cached/stored only as needed to provide the service, not for training. Desktop local rendering keeps files entirely on the user's machine ('Your files never leave your computer with local rendering').
// Security controls
Trust Center (SafeBase)
Public trust center at trust.topazlabs.com publishing security policies (Cryptography, Secure Development, Access Control, Data Management, Asset Management, Risk Assessment, Third Party Management, Human Resource, Code of Conduct) and a Business Continuity / Disaster Recovery Plan
trust.topazlabs.comSubprocessors (disclosed)
AWS, Vast.ai, RunPod, Lambda Labs - all listed as US-based hosting/compute providers
trust.topazlabs.comLocal (on-device) processing
Desktop app supports unlimited local rendering where files never leave the user's computer; positioned for confidential/proprietary footage
topazlabs.comNo-retention mode (enterprise)
Enterprise no-retention mode guarantees customer data is never persisted or used for training
topazlabs.comBug bounty
not verified - no HackerOne/Bugcrowd or self-managed program found on vendor domain
trust.topazlabs.com// Products & data scope
data: Local rendering: files stay on-device, nothing uploaded. Optional cloud rendering uses Cloud Credits and processes in US cloud.
Consumer/prosumer subscription. Local mode is the privacy-strong path for confidential footage.
data: Same split: unlimited local rendering plus monthly cloud credits for US-based cloud processing.
Higher-tier consumer subscription; adds cloud image rendering.
data: No-retention mode (data never persisted or used for training); SSO; GDPR-compliant workflows; optional custom Docker container for high-security/high-volume (on-prem capable).
Where the SOC 2-compliant deployment, SSO and GDPR claims apply. Distinct, higher-assurance scope vs consumer apps.
data: Cloud processing in US; uploads handled per the consumer privacy policy (cached/stored only as needed to provide service, not for training).
Browser tools inherently upload content; no local-only option for these.
// What to watch
- SOC 2 is described as 'SOC 2-compliant deployment' on the enterprise page but no SOC 2 Type II report, audit date, or badge is published on the trust center - treat as an unverified marketing claim, not a confirmed certification.
- No public penetration test attestation or bug bounty program (HackerOne/Bugcrowd) found on the vendor domain.
- Trust center lists strong policy documentation but does not surface any third-party certification badges in captured content.
- Consumer privacy policy permits caching/storing submitted media as needed to provide the service; the strongest no-retention guarantee is scoped to the Enterprise tier only.
- No explicit DPA availability statement located (enterprise@topazlabs.com is the contact for trust/DPA requests).
// At a glance
Pricing model
Subscription. Personal $59/mo, Topaz Studio $69/mo (annual tiers); cloud credits included monthly; Enterprise/API custom pricing.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Topaz Labs LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.topazlabs.com