// Trust & Security Report
Chia Labs, Inc. (dba Topic; owned by CafeMedia/Raptive)
Topic is an AI-assisted SEO content optimization platform (content briefs, Outline Builder, Content Grader/Copilot) sold to editors and agencies; acquired by CafeMedia (now Raptive) in 2021 and operated as a product line inside CafeMedia's publisher tooling.
Certifications held
0
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 6 unconfirmed / not-held certifications
source: usetopic.comTerms of Service: "Topic will make available materials describing its security safeguards and related audit and compliance reports upon request (the 'Security Materials')" - no report, auditor name, or type is named or published anywhere on the vendor's site.
source: usetopic.comNo public evidence. No mention of ISO 27001 or any ISO certification anywhere on usetopic.com (home, privacy, terms) or in site-restricted search of usetopic.com.
source: usetopic.comNo public evidence. No mention of HIPAA, PHI, or BAAs on usetopic.com; the product (SEO content tooling) is not positioned as handling health data.
source: usetopic.comNo public evidence. Payment processing is handled by Stripe, listed as a subprocessor; Topic itself does not claim PCI DSS compliance.
source: usetopic.comNo public evidence. No AI-governance certification or framework is referenced on the vendor's site.
source: usetopic.comPrivacy Policy: "Topic complies with the EU-US and Swiss-US Privacy Shield Frameworks...and has certified that it adheres to the Privacy Shield Principles." This framework was invalidated by the CJEU (Schrems II) in July 2020; the claim as published is legally stale and should not be treated as a live certification.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Not specified on the vendor's site (no data-residency or regional-hosting statement found).
No dedicated AI-training disclosure exists. Terms of Service grant Topic rights to aggregate 'metadata generated by your use of the Services...with similar data of other Topic customers, and use and commercialize the resulting data sets,' with personal data excluded or de-identified - this is data aggregation/commercialization language, not an explicit statement about training generative AI models on customer content. The product itself is described on the homepage as 'Powered by GPT-3,' indicating Topic calls a third-party model (OpenAI) rather than training its own; whether prompts/customer drafts sent to that model are retained or used for OpenAI's training is not addressed on the vendor's site. Marked null/unconfirmed rather than false because the aggregation clause leaves real ambiguity.
// Security controls
Encryption in transit/at rest
Not publicly documented. Privacy Policy states only: "Topic protects personal data from unauthorized use, disclosure, corruption and destruction using appropriate technical and organizational measures" - no specifics on encryption, key management, or infrastructure.
usetopic.comAudit/compliance reports
Referenced only as available "upon request" via unpublished "Security Materials"; not independently verifiable from the public site.
usetopic.comData Processing Addendum (DPA)
Privacy Policy references that "commitments" for customers subject to GDPR are described in a separate Data Processing Addendum, but no DPA is published, linked, or available for review on the site.
usetopic.comSubprocessors
Listed in Privacy Policy: Zendesk, DocuSign/HelloSign, Stripe, Google (email, docs, analytics, ads), HubSpot, Salesforce, Google Cloud Platform.
usetopic.comUptime commitment
"Topic will use commercially reasonable efforts to make the Services available 24 x 7" (no SLA percentage stated); a public Status Page is linked from the site footer.
usetopic.com// Products & data scope
data: Customer-submitted keywords, drafts, and content briefs; account/billing data via Stripe; support data via Zendesk.
No separate consumer vs. enterprise vs. API product lines are documented; Topic is sold as one cloud SaaS product to editors and agencies, with 'For Agencies' as a use-case page rather than a distinct product tier.
// What to watch
- No public trust center, security page, or published SOC 2/ISO reports; compliance materials are gated behind a manual request process, which is common for a small SaaS but means AIFOXX cannot show any hard cert badges.
- Privacy Policy still cites the EU-US/Swiss-US Privacy Shield Framework, which was invalidated by the CJEU in July 2020 - this is a stale/legacy legal claim that should not be surfaced as a current compliance mechanism, and the vendor should be encouraged to update it (references Standard Contractual Clauses would be the current mechanism, but none are named).
- Terms of Service grant broad rights to aggregate and commercialize customer usage metadata; while personal data is excluded, this is worth surfacing to prospective customers as a data-use consideration.
- Identity note: vendor is Chia Labs, Inc. dba Topic, acquired by CafeMedia (now Raptive) in 2021; assessment is scoped to Topic's own public pages only, not to CafeMedia/Raptive's separate compliance posture, since no evidence ties CafeMedia's certifications (if any) to the Topic product itself.
// At a glance
Pricing model
Demo-gated / sales-assisted SaaS subscription.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Chia Labs, Inc. (dba Topic; owned by CafeMedia/Raptive)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
usetopic.com