// Trust & Security Report

    Unbabel Inc. logo

    Unbabel Inc.

    LangOps (Language Operations) Platform combining AI machine translation with an optional human-in-the-loop review layer and a Quality Estimation / MT-Score scoring engine; sub-products include the core Translation Platform (API + workflow integrations for support tools like Zendesk), the Editor Hub (interface for human editors/translators), and the Quality Intelligence / MT Score tool for benchmarking third-party MT engines.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO/IEC 27001
    HELD

    Unbabel is certified against the ISO27001 standards, the international standard for Information Security Management Systems (ISMS).

    Verify on unbabel.com
    EU-U.S. Data Privacy Framework (DPF)
    HELD

    Unbabel complies with the EU-U.S. Data Privacy Framework and has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union.

    Verify on unbabel.com
    > Show 6 unconfirmed / not-held certifications
    ISO 9001
    NOT CONFIRMED

    Unbabel has developed a Quality Management System (QMS) governing the development, operation and improvement of our processes, and is pursuing the ISO 9001:2015 certification.

    source: unbabel.com
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence: SOC 2 is not mentioned on Unbabel's security page, privacy policy, or terms; the site instead points to annual third-party audits and ISO 27001 without naming SOC 2 or offering a downloadable SOC 2 report.

    source: unbabel.com
    HIPAA
    NOT CONFIRMED

    No public evidence: HIPAA is not referenced anywhere on unbabel.com (security page, privacy policy, or terms). Unbabel's stated compliance scope is GDPR/CCPA-focused, not healthcare-specific.

    source: unbabel.com
    PCI DSS
    NOT CONFIRMED

    No public evidence: PCI DSS is not mentioned on Unbabel's public site. Unbabel is a translation/LangOps platform, not a payment processor, so PCI DSS is likely out of scope.

    source: unbabel.com
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification. Unbabel is a founding/lead partner of the 'Center for Responsible AI', a Portugal-based EU-funded research consortium (~EUR78M investment announced 2022) on responsible-AI R&D; this is a research initiative, not a compliance certification, and should not be conflated with ISO 42001 or CSA STAR for AI.

    source: unbabel.com
    CSA STAR
    NOT CONFIRMED

    No public evidence found on unbabel.com of CSA STAR registration or certification.

    source: unbabel.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Not explicitly disclosed on public pages; privacy policy addresses cross-border transfers out of the EEA via Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework. Listed sub-processors (per privacy policy, ~23 entities) include AWS, Google Cloud, Microsoft Azure, OpenAI, Salesforce and Zendesk, spanning the US, Germany, Malta, UK and Israel, implying a multi-region/US+EU hosting footprint rather than a single fixed region.

    Customer translations can be used to retrain Unbabel's machine translation engines, but only in an anonymized/pseudonymized form: PII is automatically detected, removed and stored in an encrypted vault before any human or machine model sees the content, and restored only after translation. Quote: 'Where a translation is used for the retraining of machine learning engines, data is retrained in an anonymized format.' No explicit customer-facing opt-out toggle for training was found on the public site; enterprise customers likely negotiate this contractually (unverified beyond public pages).

    // Security controls

    Encryption in transit

    TLS-negotiated secure sockets for data transfer (TLS 1.2 and 1.3)

    unbabel.com

    Encryption at rest

    AES-256 encryption algorithm is used for data encryption at rest in both database management systems and file storage

    unbabel.com

    PII handling

    PII is automatically detected, removed, and stored in an encrypted vault during translation jobs; reinserted only after translation completes so no machine or human translator sees the original PII

    unbabel.com

    Penetration testing

    Unbabel employs a third party to conduct frequent penetration testing

    unbabel.com

    Independent audits

    Unbabel undergoes rigorous audits on an annual basis to attest that our control environment is fit for purpose

    unbabel.com

    Responsible disclosure / vulnerability reporting

    Public responsible disclosure program with reports directed to security@unbabel.com

    unbabel.com

    // Products & data scope

    Unbabel LangOps Platform (core)AI + human-in-the-loop translation platform

    data: Customer support/marketing/product text submitted for translation; PII pseudonymized before human editor exposure

    Primary enterprise product; ISO 27001 and the security controls above apply to this platform per the vendor's security page.

    Editor Hub (translator/editor interface)Workforce tooling for Unbabel's human translation community

    data: Anonymized/pseudonymized translation segments only, per the vendor's stated PII-redaction pipeline

    Distinct login surface from the customer platform; separate privacy considerations for the editor community are covered under a separate careers/community privacy notice (careers.unbabel.com/data-privacy), not fully verified here.

    Quality Intelligence / MT ScoreMT quality-estimation / benchmarking tool

    data: Sample translation text submitted by users to benchmark MT engines

    Marketed as a lighter-weight, potentially self-serve tool; no distinct compliance page found, assumed to inherit platform-level security posture but unverified independently.

    // What to watch

    • No SOC 2 report, badge, or mention found anywhere on unbabel.com; do not list SOC 2 for this vendor.
    • Identity-conflation risk: Unbabel's 'Center for Responsible AI' is a separate EU-funded research consortium Unbabel leads (responsible-AI R&D investment, not a product certification). It must not be listed or implied as an ISO 42001 / CSA STAR AI-governance credential.
    • Data residency is not explicitly published; only inferred from a sub-processor list mentioned in the privacy policy. AIFOXX should show 'not verified' rather than a specific region unless a customer-facing data-residency commitment is found.
    • AI training on customer data is affirmed (anonymized) but no explicit self-serve opt-out mechanism was found on public pages; enterprise customers should confirm contractually.
    • No dedicated automated trust-center portal (e.g., Vanta/Drata/SafeBase) was found; unbabel.com/security/ functions as a static marketing/security page rather than a live compliance dashboard, so cert status could go stale without notice.

    // At a glance

    Pricing model

    Not disclosed on public pages; enterprise/demo-gated sales motion ('Get a demo', 'Speak to an expert') typical of B2B LangOps platforms, no self-serve public pricing found.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Unbabel Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    unbabel.com

    > Browse all vendor trust reports