// Trust & Security Report
Unbabel Inc.
LangOps (Language Operations) Platform combining AI machine translation with an optional human-in-the-loop review layer and a Quality Estimation / MT-Score scoring engine; sub-products include the core Translation Platform (API + workflow integrations for support tools like Zendesk), the Editor Hub (interface for human editors/translators), and the Quality Intelligence / MT Score tool for benchmarking third-party MT engines.
Certifications held
2
Maturity
Growth
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on unbabel.com“Unbabel is certified against the ISO27001 standards, the international standard for Information Security Management Systems (ISMS).”
Verify on unbabel.com“Unbabel complies with the EU-U.S. Data Privacy Framework and has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union.”
> Show 6 unconfirmed / not-held certifications
source: unbabel.comUnbabel has developed a Quality Management System (QMS) governing the development, operation and improvement of our processes, and is pursuing the ISO 9001:2015 certification.
source: unbabel.comNo public evidence: SOC 2 is not mentioned on Unbabel's security page, privacy policy, or terms; the site instead points to annual third-party audits and ISO 27001 without naming SOC 2 or offering a downloadable SOC 2 report.
source: unbabel.comNo public evidence: HIPAA is not referenced anywhere on unbabel.com (security page, privacy policy, or terms). Unbabel's stated compliance scope is GDPR/CCPA-focused, not healthcare-specific.
source: unbabel.comNo public evidence: PCI DSS is not mentioned on Unbabel's public site. Unbabel is a translation/LangOps platform, not a payment processor, so PCI DSS is likely out of scope.
source: unbabel.comNo public evidence of ISO/IEC 42001 certification. Unbabel is a founding/lead partner of the 'Center for Responsible AI', a Portugal-based EU-funded research consortium (~EUR78M investment announced 2022) on responsible-AI R&D; this is a research initiative, not a compliance certification, and should not be conflated with ISO 42001 or CSA STAR for AI.
source: unbabel.comNo public evidence found on unbabel.com of CSA STAR registration or certification.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
Not explicitly disclosed on public pages; privacy policy addresses cross-border transfers out of the EEA via Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework. Listed sub-processors (per privacy policy, ~23 entities) include AWS, Google Cloud, Microsoft Azure, OpenAI, Salesforce and Zendesk, spanning the US, Germany, Malta, UK and Israel, implying a multi-region/US+EU hosting footprint rather than a single fixed region.
Customer translations can be used to retrain Unbabel's machine translation engines, but only in an anonymized/pseudonymized form: PII is automatically detected, removed and stored in an encrypted vault before any human or machine model sees the content, and restored only after translation. Quote: 'Where a translation is used for the retraining of machine learning engines, data is retrained in an anonymized format.' No explicit customer-facing opt-out toggle for training was found on the public site; enterprise customers likely negotiate this contractually (unverified beyond public pages).
// Security controls
Encryption at rest
AES-256 encryption algorithm is used for data encryption at rest in both database management systems and file storage
unbabel.comPII handling
PII is automatically detected, removed, and stored in an encrypted vault during translation jobs; reinserted only after translation completes so no machine or human translator sees the original PII
unbabel.comPenetration testing
Unbabel employs a third party to conduct frequent penetration testing
unbabel.comIndependent audits
Unbabel undergoes rigorous audits on an annual basis to attest that our control environment is fit for purpose
unbabel.comResponsible disclosure / vulnerability reporting
Public responsible disclosure program with reports directed to security@unbabel.com
unbabel.com// Products & data scope
data: Customer support/marketing/product text submitted for translation; PII pseudonymized before human editor exposure
Primary enterprise product; ISO 27001 and the security controls above apply to this platform per the vendor's security page.
data: Anonymized/pseudonymized translation segments only, per the vendor's stated PII-redaction pipeline
Distinct login surface from the customer platform; separate privacy considerations for the editor community are covered under a separate careers/community privacy notice (careers.unbabel.com/data-privacy), not fully verified here.
data: Sample translation text submitted by users to benchmark MT engines
Marketed as a lighter-weight, potentially self-serve tool; no distinct compliance page found, assumed to inherit platform-level security posture but unverified independently.
// What to watch
- No SOC 2 report, badge, or mention found anywhere on unbabel.com; do not list SOC 2 for this vendor.
- Identity-conflation risk: Unbabel's 'Center for Responsible AI' is a separate EU-funded research consortium Unbabel leads (responsible-AI R&D investment, not a product certification). It must not be listed or implied as an ISO 42001 / CSA STAR AI-governance credential.
- Data residency is not explicitly published; only inferred from a sub-processor list mentioned in the privacy policy. AIFOXX should show 'not verified' rather than a specific region unless a customer-facing data-residency commitment is found.
- AI training on customer data is affirmed (anonymized) but no explicit self-serve opt-out mechanism was found on public pages; enterprise customers should confirm contractually.
- No dedicated automated trust-center portal (e.g., Vanta/Drata/SafeBase) was found; unbabel.com/security/ functions as a static marketing/security page rather than a live compliance dashboard, so cert status could go stale without notice.
// At a glance
Pricing model
Not disclosed on public pages; enterprise/demo-gated sales motion ('Get a demo', 'Speak to an expert') typical of B2B LangOps platforms, no self-serve public pricing found.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Unbabel Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
unbabel.com