// Trust & Security Report

    Cedar Lake Ventures, Inc. logo

    Cedar Lake Ventures, Inc.

    Vectorizer.AI (AI raster-to-vector image conversion). Operated alongside sibling product Vector Magic by the same legal entity (privacy contact is privacy@vectormagic.com).

    Certifications held

    2

    Maturity

    Startup

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    PCI-DSS (payment handling)
    HELD

    We will not store or collect your payment card details. That information is provided directly to our third-party payment processors ... These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council. (PCI-DSS compliance is held by Stripe/PayPal/Braintree, NOT by the vendor itself.)

    Verify on vectorizer.ai
    GDPR alignment
    HELD

    If you are a resident of the European Economic Area (EEA), the European Union has declared that you have certain data protection rights ... You can exercise all the aforementioned rights by emailing us at privacy@vectormagic.com. We shall address your request within 30 days of its receipt. The policy also documents the GDPR legal basis for each data category. (This is a stated GDPR posture, not a third-party certification.)

    Verify on vectorizer.ai
    > Show 3 unconfirmed / not-held certifications
    SOC 2
    NOT CONFIRMED

    No SOC 2 claim appears anywhere on the vendor's site (no trust center, no security page beyond the Privacy Policy 'Security' section). The Privacy Policy only states industry-standard measures, not an audited attestation.

    source: vectorizer.ai
    ISO 27001
    NOT CONFIRMED

    No ISO 27001 claim found on the vendor's domain or in web search of the vendor/parent entity.

    source: vectorizer.ai
    HIPAA
    NOT CONFIRMED

    No HIPAA references; service is a general-purpose image vectorizer not intended for PHI.

    source: vectorizer.ai

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not stated

    Data region

    Not explicitly stated. Privacy Policy 'Transfer of Data' clause says data 'may be transferred to and maintained on computers located outside of your ... jurisdiction.' The only named subprocessors are email and analytics providers (Amazon Web Services Simple Email Service, Google G Suite, Google Analytics) plus payment processors (Stripe, PayPal/Braintree); the policy does not name the image-processing infrastructure or its location. US-based processing is inferred from the US legal entity, not confirmed by a stated data-residency commitment. No region selection offered.

    Two distinct directions. (1) USERS are strictly prohibited from training on the vendor's outputs: 'No training, fine-tuning, evaluation, benchmarking, red-teaming, or dataset construction for any AI or ML system' and 'you may not use the output of our service for training machine learning models ... We view this as a form of reverse engineering.' (2) The VENDOR reserves the right to use customer-uploaded images to improve its own models: the Privacy Policy states for Image Processing Records, 'From time to time, we may also use them to improve the image processing algorithms that underlie the services we offer,' and the homepage FAQ says 'Our terms of service just grant us the rights we need to deliver the service to you, and to improve our products.' The Terms grant a 'worldwide, non-exclusive, perpetual, irrevocable, royalty-free ... license to use, modify, reproduce ... and otherwise fully exploit the Private User Submissions as needed to provide you with the Service.' Vendor states it 'won't share your images with third parties unless you explicitly authorize us to do so.' Their core deep-learning model was trained on a 'proprietary dataset,' not stated to be customer uploads.

    // Security controls

    Encryption in transit (HTTPS)

    Yes - 'our Website is served over HTTPS'

    vectorizer.ai

    Encryption at rest

    Not stated

    vectorizer.ai

    Access controls

    Stated - 'we implement data security organizational access controls' and 'industry standard technical and organizational measures'

    vectorizer.ai

    Data retention

    CONFLICTING. Homepage FAQ: 'we retain uploaded images and results for 24 hours, and permanently delete them shortly thereafter.' Privacy Policy: 'Records not associated with an account are deleted or anonymized within a year of creation. Image processing records associated with an account are retained indefinitely.'

    vectorizer.ai

    Bug bounty program

    None found (no HackerOne/Bugcrowd, no security.txt / responsible-disclosure page)

    vectorizer.ai

    Penetration testing

    Not disclosed

    vectorizer.ai

    Payment security

    Vendor does not store card data; handled by Stripe and PayPal/Braintree (PCI-DSS compliant processors)

    vectorizer.ai

    // Products & data scope

    Vectorizer.AI Web AppConsumer/prosumer web tool (subscription)

    data: User uploads raster images (PNG/JPG/GIF/BMP/WebP, max 3MP / 30MB). Account requires email + password; IP and timestamps logged for fraud prevention. Uploaded images stored on vendor servers; account-associated image records retained indefinitely per Privacy Policy.

    EUR 8.99/month unlimited web images. No API access. Vendor reserves the right to use uploads to improve its algorithms.

    Vectorizer.AI APIDeveloper API (usage-based credits)

    data: Programmatic image submission. Credit-based: 1 credit = 1 API image. Same upload/processing data flow and license grant as web app. API keys are 'personal, confidential, and non-transferable.'

    Tiers 50 credits (EUR 8.99) up to 100,000 credits (EUR 4,499); per-image EUR 0.180 down to EUR 0.045. 'Need more credits?' implies informal custom/enterprise volume arrangements. No formal enterprise compliance tier advertised.

    Vector Magic (sibling product)Related image-vectorization product under same parent

    data: Separate product operated by Cedar Lake Ventures with its own privacy policy; shares the privacy@vectormagic.com contact. Not assessed here.

    Indicates a small multi-product image-tooling company rather than a single-tool startup.

    // What to watch

    • Conflicting data-retention statements: homepage says 24-hour deletion; Privacy Policy says account-linked image records are 'retained indefinitely' and non-account records deleted/anonymized within a year. A reviewer should clarify which governs.
    • Vendor reserves the right to use customer-uploaded images to 'improve the image processing algorithms' (model improvement on customer data by default), despite barring users from training on its outputs.
    • Broad IP license over uploads: 'worldwide, non-exclusive, perpetual, irrevocable, royalty-free ... sublicensable and transferable license to ... fully exploit the Private User Submissions.'
    • No SOC 2 / ISO 27001 / trust center / bug bounty / pen-test disclosure. Encryption-at-rest and subprocessor list (beyond AWS, Google, Stripe, PayPal) not documented.
    • No DPA offered or referenced; not suitable for regulated/confidential or PHI data without a negotiated agreement.
    • Privacy Policy effective date is 2018 (older), while Terms were refreshed Oct 23, 2025 - some asymmetry between the two documents.

    // At a glance

    Pricing model

    Subscription (web, EUR 8.99/mo unlimited) + usage-based API credits (EUR 8.99 to EUR 4,499/mo tiers, credits roll over up to 5x). Non-refundable; remaining credits forfeited on cancellation.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Cedar Lake Ventures, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    vectorizer.ai

    > Browse all vendor trust reports