// Trust & Security Report

    Undetectable Inc. (privacy policy names "Undetectable LLC"; terms of service name "Undetectable Inc., doing business as Undetectable AI" - see flags) logo

    Undetectable Inc. (privacy policy names "Undetectable LLC"; terms of service name "Undetectable Inc., doing business as Undetectable AI" - see flags)

    AI content detection and humanization suite: free AI Detector (checks text against major AI checkers), AI Humanizer (rewrites AI text to read as human-written), AI Image/Video Detector, Sentence Rewriter, Word Counter, Chrome Extension, plus a paid Developer API and white-label/reseller "Business Solutions" offering for agencies and platforms.

    Certifications held

    0

    Maturity

    Startup

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. No trust center exists; privacy policy and terms of service contain no reference to SOC 2 or any independent audit.

    source: undetectable.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence. No mention of ISO 27001 or an information security management system anywhere on the vendor's site, privacy policy, or terms.

    source: undetectable.ai
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence of an AI governance/management-system certification.

    source: undetectable.ai
    CSA STAR / CSA STAR AI
    NOT CONFIRMED

    No public evidence.

    source: undetectable.ai
    HIPAA
    NOT CONFIRMED

    No public evidence of a HIPAA compliance program, BAA offering, or healthcare-specific data handling. This is a consumer text-detection tool with no health-data use case referenced anywhere on the site.

    source: undetectable.ai
    GDPR (posture)
    NOT CONFIRMED

    "If you are a resident in the European Economic Area (EEA) or United Kingdom (UK)..." the policy lists EEA/UK data-subject rights (access, deletion, consent withdrawal, complaint to a supervisory authority) but does not claim formal GDPR certification, does not name a mechanism for international transfers (no mention of Standard Contractual Clauses), and the sentence describing server location is left incomplete ("Our servers are located in."). Graded held=false because this is a rights disclosure, not an attested compliance certification, and the transfer/hosting basis is unclear.

    source: undetectable.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence; payment processing appears to be handled by a third-party processor (not disclosed by name in the fetched pages), with the terms of service disclaiming responsibility for stored payment credential breaches.

    source: undetectable.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not disclosed. Privacy policy states "We may transfer, store, and process your information in countries other than your own" and "the services are hosted in the United States" per third-party summary, but the policy's own server-location sentence is truncated/incomplete ("Our servers are located in."), so the primary-source text does not reliably confirm a specific hosting region.

    Undetectable's homepage FAQ (undetectable.ai) explicitly states its models are not trained on user content: "Does the AI Checker store or train on my content? No. Your text is never stored or used to train models. For teams, our Business Solutions include even stricter data retention controls." That is a first-party vendor-domain statement, so trains_on_customer_data is graded false. Caveat: the Privacy Policy (last updated 2023-03-18) is silent on model training and does not restate this commitment, so the no-training assurance currently rests on a marketing FAQ rather than a binding privacy-policy clause; buyers submitting sensitive text may wish to have it confirmed contractually. Separately, the Terms of Service prohibit the OPPOSITE direction: users are barred from using Undetectable's services, content, or generated output to train their own machine learning models ("You agree not to use...the services, content, or any output generated by Undetectable AI for the purpose of training, fine-tuning, or otherwise developing any machine learning models...") - that clause protects Undetectable's own IP and says nothing about Undetectable's use of customer input.

    // Security controls

    Encryption in transit/at rest

    Not documented. No vendor-domain page (privacy policy, terms, help center) describes encryption practices.

    undetectable.ai

    Independent security audits

    No public evidence of third-party penetration testing or audit reports.

    undetectable.ai

    Data deletion

    Account deletion is supported via a help-center article; general retention language states data is kept only as long as necessary and deleted or anonymized when no longer needed for stated purposes.

    help.undetectable.ai

    Liability / breach disclaimer

    Terms of Service disclaim responsibility for "unauthorized access to or secure servers" and breaches of personal/financial information, and cap liability at amounts paid by the customer.

    undetectable.ai

    // Products & data scope

    AI Detector (free/consumer)AI content detection

    data: Pasted or uploaded text (up to word-count limits), processed to produce a detection score.

    Primary free-tier consumer product; no distinct security terms found beyond the general privacy policy.

    AI HumanizerAI text rewriting

    data: User-submitted AI-generated text, rewritten by the service.

    Paid tiers apply; no separate data-handling disclosure found from the consumer detector.

    AI Image/Video DetectorAI media detection

    data: Uploaded images/video for AI-generation/deepfake analysis.

    Newer product line surfaced on the homepage; no dedicated privacy addendum located.

    Developer APIAPI / integration

    data: Programmatic submission of text/documents by third-party developers; rate-limited (3 req/sec/IP by default, higher on request).

    Documented at docs.undetectable.ai; no distinct enterprise security terms found.

    Business Solutions (white-label / reseller)B2B / agency reseller

    data: Same underlying detection/humanization data flow, repackaged for agencies and platforms to resell under their own brand.

    Marketing page describes white-labeling and revenue-share/affiliate terms; no dedicated enterprise security, SLA, or compliance documentation was found.

    // What to watch

    • Legal entity name mismatch between the vendor's own documents: the Privacy Policy defines the company as "Undetectable LLC" while the Terms of Service define it as "Undetectable Inc., doing business as Undetectable AI." This could indicate a corporate restructuring (LLC to Inc.) with one document left stale, or a drafting error; AIFOXX should not assert a single legal entity name with certainty until the vendor confirms.
    • Privacy policy contains an incomplete/truncated sentence about server location ("Our servers are located in."), leaving data hosting region unconfirmed from the primary source.
    • Undetectable's homepage FAQ states user text is "never stored or used to train models," so training-on-customer-data is graded false; however, this no-training assurance appears only in a marketing FAQ and is NOT restated in the Privacy Policy (last updated 2023-03-18), which is silent on model training. Users submitting sensitive or proprietary text should seek a contractual confirmation rather than relying on the FAQ alone.
    • Privacy policy last updated 2023-03-18 per the fetched page; given the product has since added Image/Video Detector and expanded Business Solutions/API offerings, the policy may not reflect current data flows.
    • Homepage marketing claims ("Trusted by 23M+ users", "99%+ Accuracy Proven By Independent Tests", "Rated #1 Best AI Detector by Forbes") are product-efficacy/marketing claims, not security or compliance claims; they were not verified as part of this security assessment and should not be conflated with a compliance posture.
    • PCI DSS / payment processor identity not disclosed on vendor pages; treat as unknown rather than assuming a compliant third-party processor.

    // At a glance

    Pricing model

    Freemium (free AI Detector with word limits) plus paid subscription tiers for the Humanizer/higher usage, and a separate pay-as-you-go/API pricing track for developers and resellers.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Undetectable Inc. (privacy policy names "Undetectable LLC"; terms of service name "Undetectable Inc., doing business as Undetectable AI" - see flags)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    undetectable.ai

    > Browse all vendor trust reports