// Trust & Security Report
Crimson AI Pvt. Ltd. (Trinka AI is described in its Terms of Service as "a fully owned product of Crimson AI Pvt. Ltd."; product developed under the Enago brand, part of the Crimson Interactive group)
Trinka is a privacy-first AI grammar/language-correction and academic-integrity writing assistant. Sub-products span: consumer/individual Grammar Checker + free tools (paraphraser, AI detector, citation tools), Premium/Premium Plus subscriptions, an Enterprise tier with a paid add-on "Confidential Data Plan" (zero storage / real-time deletion / no AI training, ~$500/yr), Institution-focused academic-integrity tooling (DocuMark), Publisher-focused copyediting/AI peer-review workspace, and a developer Grammar Checker API/SDK with on-premise deployment option for enterprise customers.
Certifications held
9
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trinka.ai“Trinka is SOC 2 (Type 2) certified, independently verifying that we meet the trust services criteria for security, privacy, availability, and confidentiality.”
Verify on trinka.ai“Trinka's information security management system is ISO 27001 certified, meeting rigorous international standards for protecting your data against evolving security threats.”
Verify on trinka.ai“Trinka is HIPAA compliant, ensuring the confidentiality and security of all protected health information (PHI). If your need to sign a Business Associate Agreements (BAA), contact us.”
Verify on trinka.ai“Trinka is GDPR compliant, honoring your data privacy rights under European regulations. We ensure transparent data processing, user control, and lawful handling of your data.”
Verify on trinka.ai“Trinka is FERPA compliant, protecting student educational records and ensuring that academic institutions can use our platform while maintaining full regulatory compliance.”
Verify on trinka.ai“Trinka adheres to EU AI Act requirements, developing our artificial intelligence systems with transparency, accountability, and human oversight to ensure safe and ethical AI deployment.”
Verify on trinka.ai“Trinka meets ADA accessibility standards, ensuring our platform is fully usable by everyone through inclusive design practices.”
Verify on trinka.ai“Trinka is ISO 9001 certified for quality management, demonstrating our commitment to delivering consistent, reliable service.”
Verify on trinka.ai“Trinka meets ISO 17100 translation service standards, ensuring our multilingual capabilities deliver accurate, professional-grade language support with rigorous quality control processes.”
> Show 5 unconfirmed / not-held certifications
source: trinka.aiNo public evidence. The trust center lists SOC 2, ISO 27001:2022, HIPAA, FERPA, GDPR, EU AI Act, ADA, ISO 9001:2015 and ISO 17100:2015 as its full certification/compliance set; ISO 42001 is not among them.
source: trinka.aiNo public evidence of a CSA STAR listing or registry entry on the vendor's own domain or the CSA STAR registry.
source: trinka.aiNo public evidence found; Trinka does not describe handling cardholder data directly (billing is subscription-based, likely via a third-party payment processor), so PCI DSS is plausibly out of scope rather than a gap.
source: trinka.aiNo public evidence on the vendor's trust center or compliance pages; only ISO 27001:2022, ISO 9001:2015 and ISO 17100:2015 are claimed.
source: trinka.aiNo public evidence; Trinka is not listed in the FedRAMP marketplace and makes no FedRAMP claim on its own domain.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Default hosting is AWS servers based in the US ('We use AWS servers based in the US, which provides robust security features, including encryption, identity and access management, and continuous monitoring'). Enterprise customers can request private or on-premise deployment in a preferred location: 'We can deploy additional (private) servers in a preferred location or on-premise for Enterprise clients to meet their usage and compliance needs.'
Vendor explicitly states paid-plan data is excluded from AI training: 'Data of users on our paid plans is not used for any training of our AI models' and 'your data will not be used for AI training if you are on any of our paid plans (Premium, Premium Plus, Enterprise) as it is deleted periodically.' Trinka also states it uses a proprietary in-house NLP/ML model, not a third-party generative model: 'It does not use Generative AI (like ChatGPT) for grammar and spelling corrections. Hence, your personal data is never published online or used for any GPT training.' IMPORTANT GAP: the same FAQ phrasing ties the no-training guarantee specifically to 'paid plans' and to periodic/real-time deletion; the vendor's own trust center does not make an equivalent explicit no-training statement for free-tier users, and no free-tier retention period is published (only Premium: 90-day auto-delete; Enterprise Confidential/Sensitive Data Plan: real-time deletion). Treat free-tier training posture as unconfirmed.
// Security controls
Encryption in transit and at rest
"Trinka AI uses advanced encryption methods to secure your data both in transit and at rest." / "All your data is securely encrypted, both in-transit and at rest."
trinka.aiAccess controls
"Strict access controls, data anonymization, and data retention policies are implemented to ensure the data is always protected."
trinka.aiInfrastructure
AWS (US) hosting with firewalls and continuous monitoring; option for private/on-premise servers for Enterprise clients.
trinka.aiSecurity/compliance team
"Our in-house team of experts continuously monitors security, maintains compliance, and evolves our certification portfolio to meet industry best practices and customer needs."
trinka.aiThird-party audits
"Our certifications are validated through comprehensive annual audits by independent third-party firms."
trinka.aiData deletion / retention
Premium: processed data auto-deleted every 90 days. Enterprise Confidential/Sensitive Data Plan: data deleted in real time immediately after processing. Users can delete data at any time.
trinka.aiNo third-party data sharing
"Trinka AI does not share your personal data or file content with any third party" and "We do not sell, monetize, or share your data with any third party, nor do we publish it publicly."
trinka.ai// Products & data scope
data: User-submitted manuscripts/documents; free-tier limited to 5,000 words/month per third-party sources
No-AI-training and 90-day auto-deletion guarantees are stated only for paid plans; free-tier data policy is not explicitly documented on the vendor's own trust center.
data: Confidential or regulated documents (e.g., legal, life sciences, pharma)
Zero data storage, real-time deletion after processing, no AI training on this data. Priced as a paid add-on (~$500/yr per third-party pricing sources). HIPAA BAA available on request via Sales for this tier.
data: Student/researcher submissions, process-level writing data (drafts, revision history)
FERPA compliance is claimed specifically for this education-focused use case.
data: Manuscripts and peer-review content submitted by publishing/journal customers
Custom AI models trained per publisher (details of that training's data scope not disclosed on the trust center).
data: Text passed programmatically by integrating applications
Supports on-premise/offline deployment for enterprise customers, which changes the data-residency and processing profile from the default AWS-US hosted service.
// What to watch
- All certification evidence traces back to a single vendor-domain source (the Trinka trust center and its FAQ); no linked/downloadable certificate, audit-firm attestation letter, or third-party trust-portal (e.g., Vanta/Drata/SafeBase) was found to independently corroborate the SOC 2, ISO 27001, or HIPAA attestation claims. Recommend the AIFOXX advisor request the actual SOC 2 report / ISO certificate number from the vendor before treating these as fully verified for high-stakes procurement.
- AI-training no-training guarantee is explicitly scoped to 'paid plans' in the vendor's own FAQ; the free tier's training/retention posture is not addressed anywhere on the trust center, privacy policy, or data-security pages found. This is a real, unresolved gap rather than an inferred one.
- No standalone, publicly linked Data Processing Agreement (DPA) page was found; a HIPAA Business Associate Agreement (BAA) is explicitly offered on request via Sales, which suggests a general DPA is also negotiable on request but this is not confirmed in writing on the vendor's site.
- Corporate identity note (not a conflation risk, but worth flagging): the brand has recently rebranded corporate entities. The site footer reads '© Crimson AI, 2026,' the trust center says 'Trinka is developed by Enago, a trusted name with a 20+ year legacy,' and the Terms of Service state 'Trinka AI is a fully owned product of Crimson AI Pvt. Ltd.' These are consistent with a single corporate group (Crimson Interactive / Enago / Crimson AI) rather than conflated unrelated companies, but the AIFOXX listing and any contract should use the current legal name 'Crimson AI Pvt. Ltd.' as stated in the ToS.
- Default data hosting is US-based AWS (not EU), which is a relevant caveat for EU customers relying on GDPR-compliance claims for data residency purposes; EU/local hosting is only available as a custom Enterprise arrangement, not the default.
// At a glance
Pricing model
Freemium (free tier + Premium/Premium Plus subscriptions) with a paid Confidential/Sensitive Data Plan add-on and custom Enterprise/Institution/Publisher pricing.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Crimson AI Pvt. Ltd. (Trinka AI is described in its Terms of Service as "a fully owned product of Crimson AI Pvt. Ltd."; product developed under the Enago brand, part of the Crimson Interactive group)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trinka.ai