// Trust & Security Report

    TypeAI Inc. logo

    TypeAI Inc.

    Type.ai is a single consumer/prosumer product: an AI-assisted document editor for long-form creative writing (books, screenplays, stories). No separate enterprise, API, or team tier was found; pricing is a single subscription (Free / paid plans starting at $8-12/month) with access to third-party models from Anthropic, OpenAI, and Google.

    Certifications held

    0

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 9 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence: no trust center, security page, or SOC 2 mention found on type.ai, blog.type.ai, privacy policy, or terms of service; https://type.ai/security returns 404.

    source: type.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence: not mentioned anywhere on the vendor's site, privacy policy, or terms of service.

    source: type.ai
    GDPR
    NOT CONFIRMED

    No formal GDPR-compliance claim found. Privacy policy discusses international data transfers ('Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country') but does not name GDPR, an EU representative, or a lawful-basis framework.

    source: type.ai
    HIPAA
    NOT CONFIRMED

    No public evidence: no BAA, no HIPAA mention on the vendor's site; not marketed as a healthcare tool.

    source: type.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence. Payment processing is delegated to Stripe; the privacy policy only references Stripe's own privacy policy for payment data, with no PCI DSS claim by Type itself.

    source: type.ai
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence found on the vendor's site.

    source: type.ai
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence found on the vendor's site.

    source: type.ai
    CSA STAR / CSA STAR AI
    NOT CONFIRMED

    No public evidence found on the vendor's site.

    source: type.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence found; not applicable to a consumer writing tool with no government/enterprise track.

    source: type.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United States (explicit statement that personal information may be transferred to the US or other locations); no formal EU/UK data residency option disclosed.

    CONTRADICTION FOUND. The marketing homepage FAQ states plainly: 'Does Type.ai train on my data? No, Type does not train any AI models on your data. All of your uploads and documents in Type remain private to you.' and lists 'Private and secure: No AI models are trained on your data, ever.' as a feature. However, the Terms of Service (Section 12(c)) grants Type an 'unrestricted, unlimited, irrevocable, perpetual, non-exclusive, transferable, royalty-free, fully-paid, worldwide right, and license to host, use, copy, reproduce, disclose, sell, resell, publish, broadcast, retitle, archive, store, cache, publicly perform, publicly display, reformat, translate, transmit, excerpt...and distribute your Submitted Content and Generated Content'. Section 12(e) separately grants Type the right to 'collect, examine, extract, model, manipulate, aggregate, collate, analyze, create analysis using, reproduce and otherwise use, on a de-identified basis, any information...including, without limitation, (i) developing, operating, and ensuring the integrity of data sets, algorithms or other analytical tools, (ii) testing, implementing, benchmarking, integrating, developing, optimizing or improving Type software.' The privacy policy separately confirms user prompts/documents are shared with third-party model providers OpenAI and Anthropic to generate content, with no opt-out described. The 'never trains on your data' claim appears to refer narrowly to not fine-tuning third-party foundation models on verbatim user content, while the ToS reserves broad rights (including on de-identified data) for internal algorithm development, and a separately very broad content license (sell/resell/publish) that is unusual for a privacy-forward pitch. This is a legacy-ToS-vs-marketing-page contradiction that should be flagged, not silently resolved in the vendor's favor.

    // Security controls

    Encryption in transit/at rest

    Not disclosed. Privacy policy only states generically: 'We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect,' with no specifics on encryption, key management, or infrastructure.

    type.ai

    Offline mode / local storage

    Product supports full offline editing ('Write anywhere, anytime, even without an internet connection'), implying local document caching on-device; no detail on how offline data is secured.

    type.ai

    Third-party sub-processors

    Confirmed use of Intercom (chat), Amplitude and Highlight.io (session replay, recording clicks/taps/mouse movements/keystrokes), Stripe (payments), and AI model providers OpenAI, Anthropic, and Google (for generation).

    type.ai

    Security/trust center page

    None found. https://type.ai/security returns HTTP 404; no subdomain trust portal (trust.type.ai does not resolve).

    type.ai

    // Products & data scope

    Type.ai editor (Free tier)Consumer AI writing tool

    data: User documents, prompts, and account/usage data; free plan gives access to drafts stored in Type's cloud.

    No enterprise/business tier, admin console, or SSO mentioned anywhere on the site.

    Type.ai editor (Paid plans, $8-12/mo)Consumer AI writing tool

    data: Same document/prompt data as free tier plus access to 'premium AI models from Anthropic, OpenAI, and Google.'

    Site references a separate privacy-policy carve-out for 'business customers' ('This policy does not apply to information that we process on behalf of our business customers') implying some B2B usage exists, but no distinct business/enterprise product page, security page, or DPA was found for it.

    // What to watch

    • Contradiction between marketing/FAQ claim ('No AI models are trained on your data, ever') and Terms of Service Section 12(c)/12(e), which grant Type broad rights to use, and even sell/resell/publish, user Submitted and Generated Content, plus rights to use de-identified data for algorithm development and product optimization. This is an over-claim risk that should be surfaced to buyers, not resolved silently.
    • No certifications (SOC 2, ISO 27001, GDPR attestation, HIPAA, PCI DSS) held or claimed anywhere on the vendor's own domain; treat as a startup-stage vendor with no formal compliance program.
    • No DPA, encryption specifics, or data-retention policy disclosed publicly; buyers with compliance requirements should request these directly from the vendor before purchase.
    • Site references a 'business customers' carve-out in the privacy policy but no corresponding enterprise product, security page, or DPA is published, so the actual data-handling terms for that segment are unverified.

    // At a glance

    Pricing model

    Freemium subscription ($8-12/month tiers), no visible enterprise/API pricing

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on TypeAI Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    type.ai

    > Browse all vendor trust reports