// Trust & Security Report

    Chia Labs, Inc. (dba Topic; owned by CafeMedia/Raptive) logo

    Chia Labs, Inc. (dba Topic; owned by CafeMedia/Raptive)

    Topic is an AI-assisted SEO content optimization platform (content briefs, Outline Builder, Content Grader/Copilot) sold to editors and agencies; acquired by CafeMedia (now Raptive) in 2021 and operated as a product line inside CafeMedia's publisher tooling.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 6 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    Terms of Service: "Topic will make available materials describing its security safeguards and related audit and compliance reports upon request (the 'Security Materials')" - no report, auditor name, or type is named or published anywhere on the vendor's site.

    source: usetopic.com
    ISO 27001
    NOT CONFIRMED

    No public evidence. No mention of ISO 27001 or any ISO certification anywhere on usetopic.com (home, privacy, terms) or in site-restricted search of usetopic.com.

    source: usetopic.com
    HIPAA
    NOT CONFIRMED

    No public evidence. No mention of HIPAA, PHI, or BAAs on usetopic.com; the product (SEO content tooling) is not positioned as handling health data.

    source: usetopic.com
    PCI DSS
    NOT CONFIRMED

    No public evidence. Payment processing is handled by Stripe, listed as a subprocessor; Topic itself does not claim PCI DSS compliance.

    source: usetopic.com
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence. No AI-governance certification or framework is referenced on the vendor's site.

    source: usetopic.com
    EU-US / Swiss-US Privacy Shield
    NOT CONFIRMED

    Privacy Policy: "Topic complies with the EU-US and Swiss-US Privacy Shield Frameworks...and has certified that it adheres to the Privacy Shield Principles." This framework was invalidated by the CJEU (Schrems II) in July 2020; the claim as published is legally stale and should not be treated as a live certification.

    source: usetopic.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    Not specified on the vendor's site (no data-residency or regional-hosting statement found).

    No dedicated AI-training disclosure exists. Terms of Service grant Topic rights to aggregate 'metadata generated by your use of the Services...with similar data of other Topic customers, and use and commercialize the resulting data sets,' with personal data excluded or de-identified - this is data aggregation/commercialization language, not an explicit statement about training generative AI models on customer content. The product itself is described on the homepage as 'Powered by GPT-3,' indicating Topic calls a third-party model (OpenAI) rather than training its own; whether prompts/customer drafts sent to that model are retained or used for OpenAI's training is not addressed on the vendor's site. Marked null/unconfirmed rather than false because the aggregation clause leaves real ambiguity.

    // Security controls

    Encryption in transit/at rest

    Not publicly documented. Privacy Policy states only: "Topic protects personal data from unauthorized use, disclosure, corruption and destruction using appropriate technical and organizational measures" - no specifics on encryption, key management, or infrastructure.

    usetopic.com

    Audit/compliance reports

    Referenced only as available "upon request" via unpublished "Security Materials"; not independently verifiable from the public site.

    usetopic.com

    Data Processing Addendum (DPA)

    Privacy Policy references that "commitments" for customers subject to GDPR are described in a separate Data Processing Addendum, but no DPA is published, linked, or available for review on the site.

    usetopic.com

    Subprocessors

    Listed in Privacy Policy: Zendesk, DocuSign/HelloSign, Stripe, Google (email, docs, analytics, ads), HubSpot, Salesforce, Google Cloud Platform.

    usetopic.com

    Uptime commitment

    "Topic will use commercially reasonable efforts to make the Services available 24 x 7" (no SLA percentage stated); a public Status Page is linked from the site footer.

    usetopic.com

    // Products & data scope

    Topic (single product, agency/team tiers)SEO content optimization / AI writing assistant

    data: Customer-submitted keywords, drafts, and content briefs; account/billing data via Stripe; support data via Zendesk.

    No separate consumer vs. enterprise vs. API product lines are documented; Topic is sold as one cloud SaaS product to editors and agencies, with 'For Agencies' as a use-case page rather than a distinct product tier.

    // What to watch

    • No public trust center, security page, or published SOC 2/ISO reports; compliance materials are gated behind a manual request process, which is common for a small SaaS but means AIFOXX cannot show any hard cert badges.
    • Privacy Policy still cites the EU-US/Swiss-US Privacy Shield Framework, which was invalidated by the CJEU in July 2020 - this is a stale/legacy legal claim that should not be surfaced as a current compliance mechanism, and the vendor should be encouraged to update it (references Standard Contractual Clauses would be the current mechanism, but none are named).
    • Terms of Service grant broad rights to aggregate and commercialize customer usage metadata; while personal data is excluded, this is worth surfacing to prospective customers as a data-use consideration.
    • Identity note: vendor is Chia Labs, Inc. dba Topic, acquired by CafeMedia (now Raptive) in 2021; assessment is scoped to Topic's own public pages only, not to CafeMedia/Raptive's separate compliance posture, since no evidence ties CafeMedia's certifications (if any) to the Topic product itself.

    // At a glance

    Pricing model

    Demo-gated / sales-assisted SaaS subscription.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Chia Labs, Inc. (dba Topic; owned by CafeMedia/Raptive)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    usetopic.com

    > Browse all vendor trust reports