// Trust & Security Report
Undetectable Inc. (privacy policy names "Undetectable LLC"; terms of service name "Undetectable Inc., doing business as Undetectable AI" - see flags)
AI content detection and humanization suite: free AI Detector (checks text against major AI checkers), AI Humanizer (rewrites AI text to read as human-written), AI Image/Video Detector, Sentence Rewriter, Word Counter, Chrome Extension, plus a paid Developer API and white-label/reseller "Business Solutions" offering for agencies and platforms.
Certifications held
0
Maturity
Startup
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 7 unconfirmed / not-held certifications
source: undetectable.aiNo public evidence. No trust center exists; privacy policy and terms of service contain no reference to SOC 2 or any independent audit.
source: undetectable.aiNo public evidence. No mention of ISO 27001 or an information security management system anywhere on the vendor's site, privacy policy, or terms.
source: undetectable.aiNo public evidence of an AI governance/management-system certification.
source: undetectable.aiNo public evidence of a HIPAA compliance program, BAA offering, or healthcare-specific data handling. This is a consumer text-detection tool with no health-data use case referenced anywhere on the site.
source: undetectable.ai"If you are a resident in the European Economic Area (EEA) or United Kingdom (UK)..." the policy lists EEA/UK data-subject rights (access, deletion, consent withdrawal, complaint to a supervisory authority) but does not claim formal GDPR certification, does not name a mechanism for international transfers (no mention of Standard Contractual Clauses), and the sentence describing server location is left incomplete ("Our servers are located in."). Graded held=false because this is a rights disclosure, not an attested compliance certification, and the transfer/hosting basis is unclear.
source: undetectable.aiNo public evidence; payment processing appears to be handled by a third-party processor (not disclosed by name in the fetched pages), with the terms of service disclaiming responsibility for stored payment credential breaches.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not disclosed. Privacy policy states "We may transfer, store, and process your information in countries other than your own" and "the services are hosted in the United States" per third-party summary, but the policy's own server-location sentence is truncated/incomplete ("Our servers are located in."), so the primary-source text does not reliably confirm a specific hosting region.
Undetectable's homepage FAQ (undetectable.ai) explicitly states its models are not trained on user content: "Does the AI Checker store or train on my content? No. Your text is never stored or used to train models. For teams, our Business Solutions include even stricter data retention controls." That is a first-party vendor-domain statement, so trains_on_customer_data is graded false. Caveat: the Privacy Policy (last updated 2023-03-18) is silent on model training and does not restate this commitment, so the no-training assurance currently rests on a marketing FAQ rather than a binding privacy-policy clause; buyers submitting sensitive text may wish to have it confirmed contractually. Separately, the Terms of Service prohibit the OPPOSITE direction: users are barred from using Undetectable's services, content, or generated output to train their own machine learning models ("You agree not to use...the services, content, or any output generated by Undetectable AI for the purpose of training, fine-tuning, or otherwise developing any machine learning models...") - that clause protects Undetectable's own IP and says nothing about Undetectable's use of customer input.
// Security controls
Encryption in transit/at rest
Not documented. No vendor-domain page (privacy policy, terms, help center) describes encryption practices.
undetectable.aiIndependent security audits
No public evidence of third-party penetration testing or audit reports.
undetectable.aiData deletion
Account deletion is supported via a help-center article; general retention language states data is kept only as long as necessary and deleted or anonymized when no longer needed for stated purposes.
help.undetectable.aiLiability / breach disclaimer
Terms of Service disclaim responsibility for "unauthorized access to or secure servers" and breaches of personal/financial information, and cap liability at amounts paid by the customer.
undetectable.ai// Products & data scope
data: Pasted or uploaded text (up to word-count limits), processed to produce a detection score.
Primary free-tier consumer product; no distinct security terms found beyond the general privacy policy.
data: User-submitted AI-generated text, rewritten by the service.
Paid tiers apply; no separate data-handling disclosure found from the consumer detector.
data: Uploaded images/video for AI-generation/deepfake analysis.
Newer product line surfaced on the homepage; no dedicated privacy addendum located.
data: Programmatic submission of text/documents by third-party developers; rate-limited (3 req/sec/IP by default, higher on request).
Documented at docs.undetectable.ai; no distinct enterprise security terms found.
data: Same underlying detection/humanization data flow, repackaged for agencies and platforms to resell under their own brand.
Marketing page describes white-labeling and revenue-share/affiliate terms; no dedicated enterprise security, SLA, or compliance documentation was found.
// What to watch
- Legal entity name mismatch between the vendor's own documents: the Privacy Policy defines the company as "Undetectable LLC" while the Terms of Service define it as "Undetectable Inc., doing business as Undetectable AI." This could indicate a corporate restructuring (LLC to Inc.) with one document left stale, or a drafting error; AIFOXX should not assert a single legal entity name with certainty until the vendor confirms.
- Privacy policy contains an incomplete/truncated sentence about server location ("Our servers are located in."), leaving data hosting region unconfirmed from the primary source.
- Undetectable's homepage FAQ states user text is "never stored or used to train models," so training-on-customer-data is graded false; however, this no-training assurance appears only in a marketing FAQ and is NOT restated in the Privacy Policy (last updated 2023-03-18), which is silent on model training. Users submitting sensitive or proprietary text should seek a contractual confirmation rather than relying on the FAQ alone.
- Privacy policy last updated 2023-03-18 per the fetched page; given the product has since added Image/Video Detector and expanded Business Solutions/API offerings, the policy may not reflect current data flows.
- Homepage marketing claims ("Trusted by 23M+ users", "99%+ Accuracy Proven By Independent Tests", "Rated #1 Best AI Detector by Forbes") are product-efficacy/marketing claims, not security or compliance claims; they were not verified as part of this security assessment and should not be conflated with a compliance posture.
- PCI DSS / payment processor identity not disclosed on vendor pages; treat as unknown rather than assuming a compliant third-party processor.
// At a glance
Pricing model
Freemium (free AI Detector with word limits) plus paid subscription tiers for the Humanizer/higher usage, and a separate pay-as-you-go/API pricing track for developers and resellers.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Undetectable Inc. (privacy policy names "Undetectable LLC"; terms of service name "Undetectable Inc., doing business as Undetectable AI" - see flags)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
undetectable.ai