// Trust & Security Report
James Betker (individual open-source maintainer; no registered company identified)
Tortoise TTS — an open-source, self-hosted multi-voice text-to-speech model (Apache 2.0 license) distributed as a GitHub repo / pip package (`tortoise-tts`). No commercial entity, hosted SaaS product, or paid tier exists under this name; a community-run demo is hosted on Hugging Face Spaces (a third party, not the author).
Certifications held
0
Maturity
Unknown
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: github.comno public evidence; this is a personal open-source software repository with no corporate entity, hosted service, or trust center
source: github.comno public evidence; no company or hosted infrastructure exists to certify
source: github.comno privacy policy or GDPR statement published by the project; the README states the model 'runs entirely locally' with no vendor backend, so there is no vendor-side personal-data processing to attest to
source: github.comnot applicable; project has no payment processing or commercial offering
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
n/a — no vendor-hosted service; all inference runs on infrastructure the user controls
Tortoise TTS is inference-only, self-hosted software: users run the model on their own NVIDIA GPU hardware (or a self-managed Docker container). The repo's README describes local installation via conda/pip/Docker with no network call-back to the author or any vendor service, so no user audio or text is transmitted to or trained on by the maintainer. The only network-facing surface is a third-party Hugging Face Spaces community demo (https://huggingface.co/spaces/Manmay/tortoise-tts), which is operated by Hugging Face / a community contributor, not by the Tortoise TTS author, and is out of scope for this vendor's own data-handling posture. No formal privacy policy, terms of service, or DPA is published for the project itself; only GitHub's own site-wide privacy/terms apply to the repository hosting, and those belong to GitHub, not to this project.
// Security controls
Encryption in transit
Not applicable to the core project (no vendor-hosted API); repository access itself is served over HTTPS by GitHub.
github.comHosting model
Self-hosted only. Users install and run the model locally or in their own Docker/cloud environment; there is no vendor-operated backend or API endpoint.
github.comLicense / code transparency
Apache-2.0 licensed, fully open-source (14.9k GitHub stars, 47 contributors), so code and model behavior are independently auditable.
github.comVulnerability reporting
GitHub 'Security' tab exists for the repo (standard GitHub Security Overview features) but no dedicated vendor security policy or disclosure page was found.
github.com// Products & data scope
data: Runs entirely on the user's own hardware; no data leaves the user's environment by default.
Distributed via GitHub and PyPI (`pip install tortoise-tts`). Apache-2.0 license. Author is James Betker (also known for DALL-E work at OpenAI); the README states the project was built independently on the author's own hardware and 'their employer was not involved in any facet of Tortoise's development.'
data: Text/voice inputs submitted to the public demo are processed on Hugging Face's infrastructure, governed by Hugging Face's own privacy policy, not by the Tortoise TTS author.
Listed in the README as a convenience for users without a local GPU; explicitly a separate operator (Hugging Face / community maintainer 'Manmay'), so its data handling is out of scope for this vendor assessment.
// What to watch
- This is a personal open-source software project (single maintainer, James Betker), not a company or commercial SaaS vendor — no trust center, privacy policy, terms of service, or compliance certifications exist, and none should be fabricated or implied.
- AIFOXX listing risk: if displayed alongside hosted SaaS AI tools with compliance badges, this entry could misleadingly imply vendor-side data handling; the listing should clearly mark it as 'open-source, self-hosted' with no applicable compliance certs rather than showing blank/absent badges that read as a gap.
- A separate, unaffiliated Hugging Face Spaces demo exists for convenience; do not attribute its data handling or any Hugging Face compliance posture to the Tortoise TTS project itself (host-vs-vendor conflation risk).
// At a glance
Pricing model
Free, open source (Apache 2.0); no paid tiers or commercial SaaS offering
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on James Betker (individual open-source maintainer; no registered company identified)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
github.com