// Trust & Security Report
Transifex, Inc.
AI-powered localization and translation management platform; products include Transifex TMS (translation management system), Transifex AI (LLM-driven translation with ZDR), Transifex Native (SDK for in-app localization), and TQI (Translation Quality Index)
Certifications held
3
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on transifex.com“Transifex's SOC 2 Type I report did not have any noted exceptions and therefore was issued with a 'clean' audit opinion from SSF. The examination was performed by Sensiba San Filippo, LLP (SSF) and covered security, availability, processing integrity, confidentiality and privacy.”
Verify on transifex.com“We have successfully completed a System and Organization Controls (SOC) 2 Type II audit performed by Sensiba San Filippo, LLP (SSF). Transifex's SOC 2 Type II report did not have any noted exceptions and therefore was issued with a 'clean' audit opinion from SSF. Official Transifex blog post published September 28, 2022 (echoed on the Transifex community forum October 4, 2022).”
Verify on transifex.com“Transifex publishes a Data Processing Agreement, Standard Contractual Clauses, and a Sub-Processors list. The DPA states: 'We will act as a Processor of any Protected Data provided to Us in delivering the Services to You' and commits to 72-hour breach notification.”
> Show 7 unconfirmed / not-held certifications
source: transifex.comNo public evidence of ISO 27001 certification on any Transifex-domain page. Note: Transifex's security page lists AWS's ISO 27001 certification as their hosting provider's attribute, not Transifex's own.
source: transifex.comNo HIPAA compliance claim on any Transifex-domain page. Transifex's security page mentions AWS hosting complies with HIPAA, but that is the host's certification, not Transifex's own posture.
source: transifex.comTransifex does not store or process card data directly: 'We do not store any credit card information. All our credit card processing is taken care of by Chargebee and Stripe.' PCI DSS scope therefore lies with those processors, not Transifex.
source: transifex.comNo public evidence of ISO 27701 (privacy information management) certification on any Transifex-domain page.
source: transifex.comNo public evidence of ISO 42001 or any AI governance certification on any Transifex-domain page.
source: transifex.comNo public evidence of CSA STAR registration or certification on any Transifex-domain page.
source: transifex.comNo public evidence of FedRAMP authorization on any Transifex-domain page.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
AWS Ireland (EU) for primary hosting per security page; however the privacy policy states data 'may be viewed and hosted anywhere in the world' with no formal residency lock. No EU-only data residency option is documented publicly.
Transifex AI FAQ states: 'your data remains your data and is not used to train public models.' The platform uses Zero Data Retention (ZDR) with external AI providers (OpenAI, Anthropic, Google Gemini listed as sub-processors), meaning customer content is not retained by those providers for training purposes. Per-customer fine-tuning and RAG are described as the personalization mechanism. The privacy policy (last modified November 2024) does not contradict this but does not explicitly address AI training on customer data in its text.
// Security controls
Encryption in transit
SSL/TLS for all server-to-server and web app traffic; HTTPS enforced for all app-facing endpoints
transifex.comEncryption at rest
File and database backups encrypted with AES (Advanced Encryption Standard)
transifex.comInfrastructure hosting
Amazon Web Services Ireland (EU region); all VMs on cloud with administrative access limited to authorized personnel
transifex.comIncident monitoring
24x7 monitoring with a public status page at status.transifex.com; Twitter/X status handle @TransifexStatus
transifex.comVulnerability disclosure
Responsible disclosure via security@transifex.com with PGP encryption option; active bug bounty/researcher acknowledgment program
transifex.comCredit card data handling
No card data stored; payment processing delegated to Chargebee and Stripe (PCI Level 1 service providers)
transifex.comAccess controls
Role-based access; physical office access restricted with security personnel; need-to-know policy
transifex.comCode security
Code reviews before production deployment; regular audits against OWASP Top Ten; critical patches applied immediately
transifex.comAuthentication options
SSO (SAML), Two-Factor Authentication (2FA), social login (GitHub, LinkedIn, Google)
help.transifex.comData deletion post-termination
30-day extraction window after contract termination; deletion within a reasonable period after that window
transifex.comAudit rights
Customers may conduct annual audits of Transifex's security controls with 14 days notice; cost borne by customer unless material failure found
transifex.com// Products & data scope
data: Source strings and translated content uploaded by users; user account data; project metadata
Core platform used by product, marketing, and dev teams. Integrates with 40+ tools. Content stored on AWS Ireland.
data: Customer content passed to external AI sub-processors (OpenAI, Anthropic, Google Gemini) with ZDR agreements; brand glossary and voice data stored per-customer
ZDR feature ensures content is not retained by LLM providers for model training. Per-customer fine-tuning using customer's own content. RAG used for brand-context injection.
data: Strings served dynamically from Transifex CDN; no user PII processed by Native SDK itself
Developer SDK enabling over-the-air translation updates without app release.
data: Translated strings evaluated by AI quality scoring models
Automates human review triage; allows AI translations to publish without human intervention when quality threshold met.
// What to watch
- HOST-CERT CONFLATION: Transifex's own security page lists AWS's certifications (SOC 1/2/3, ISO 27001, HIPAA, PCI-DSS Level 1, FIPS-140-2, CSA, FERPA, FISMA Moderate) in a way that could mislead readers into thinking these are Transifex's own certifications. These are AWS's certs, not Transifex's. AIFOXX should not list these as Transifex-held.
- SOC 2 TYPE II RENEWAL STATUS UNKNOWN: The SOC 2 Type II announcement dates to September 2022 (official Transifex blog, September 28, 2022; community-forum echo October 4, 2022). SOC 2 Type II is typically renewed annually. No public evidence of renewal reports beyond 2022 was found as of June 2026. The cert may still be current (many vendors maintain it privately) but cannot be confirmed from public sources.
- NO ISO 27001: Despite serving large enterprise clients (HubSpot, Celonis), Transifex has no publicly evidenced ISO 27001 certification. Procurement teams expecting ISO 27001 should request evidence directly.
- AI SUB-PROCESSOR ZDR VERIFICATION: Transifex claims ZDR with OpenAI, Anthropic, and Google Gemini. Whether formal ZDR API agreements are in place with each provider was not independently verified; this claim relies solely on Transifex marketing pages.
- DATA RESIDENCY AMBIGUITY: Security page implies AWS Ireland (EU) hosting, but privacy policy states data may be hosted 'anywhere in the world.' No formal EU data residency commitment or customer-selectable region is documented.
// At a glance
Pricing model
Tiered SaaS (Starter free trial, growth/professional plans by volume of words/strings; enterprise pricing on request)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Transifex, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
transifex.com