// Trust & Security Report

    Veed Limited logo

    Veed Limited

    Browser-based AI video creation and editing platform (VEED) — includes the core web video editor, AI subtitles/dubbing/avatars/image generation tools, a mobile app, an API, and a Business/Enterprise tier with additional legal and security terms

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    VEED has successfully completed its SOC 2 Type II audit for Security... The independent assessment, conducted by Prescient Assurance, evaluated the design and operating effectiveness of our controls between November 4, 2025 and February 4, 2026.

    Verify on trust.veed.io
    GDPR (compliance posture)
    HELD

    Yes, we comply with GDPR and the CPPA. We have users from all over the world and are therefore required to abide by local data privacy laws and regulations. We have incorporated the European SCC into our Data Processing Agreements (DPAs). DPAs are available for Enterprise plan customers.

    Verify on support.veed.io
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence. Veed's own trust center (trust.veed.io) lists only 'SOC 2' under its Compliance section and its resource list (SOC-2 Type2 Report, penetration test reports, internal policies) contains no ISO 27001 certificate. Third-party badge-aggregator sites (e.g. nudgesecurity.com) claim VEED is 'ISO 27001 Compliant', but this is not corroborated anywhere on veed.io, support.veed.io, or trust.veed.io.

    source: trust.veed.io
    HIPAA
    NOT CONFIRMED

    VEED's Code of Conduct instructs users not to upload 'protected health information subject to the Health Insurance Portability and Accountability Act (HIPAA) or other information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional.' No BAA is offered.

    source: support.veed.io
    PCI DSS
    NOT CONFIRMED

    No public evidence. Not listed on trust.veed.io, veed.io/security, or any support.veed.io article. Payment processing is handled by a third-party payment provider rather than being disclosed as an in-scope VEED control.

    source: trust.veed.io
    FedRAMP
    NOT CONFIRMED

    No public evidence. Not mentioned anywhere on VEED's own domain; FedRAMP applies to US federal government cloud services and VEED is a UK-headquartered consumer/SMB SaaS product with no federal authorization listed.

    source: trust.veed.io
    CSA STAR
    NOT CONFIRMED

    No public evidence. Not present on trust.veed.io's compliance or resources sections.

    source: trust.veed.io
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence. VEED's trust center and security pages describe general infosec controls but do not reference an AI management system certification.

    source: trust.veed.io

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    EU (Google Cloud Platform, europe-west1), per VEED's own security FAQ

    VEED's privacy policy states it may use content from users on the Free subscription tier 'to develop or improve our Applications... This processing activity includes training and developing any relevant artificial intelligence models,' excluding content submitted via the mobile app. Free-tier users can object, but to actually stop the processing they must delete their account or upgrade to a paid subscription rather than toggle a simple opt-out while remaining on the free tier. Separately, VEED's AI-tools content policy states users 'own' their AI-generated images but grant Veed Limited the right to host them and 'use them to market and improve our products and services,' which is broader than pure model-training language.

    // Security controls

    Encryption in transit and at rest

    Data is encrypted in transit and at rest using AES / TLS

    support.veed.io

    Data hosting region

    EU (Google Cloud Platform, europe-west1)

    support.veed.io

    Third-party penetration testing

    External security testing performed at least once every 12 months; a 2026 penetration test report and remediation status are published in the trust center

    trust.veed.io

    Continuous monitoring

    Daily automated security sweeps of production applications

    support.veed.io

    Business continuity / disaster recovery

    Documented Business Continuity and Disaster Recovery Plan; controls list includes tested continuity/DR plans and cybersecurity insurance

    trust.veed.io

    Subprocessor disclosure

    Public subprocessor list maintained on trust center (Cloudflare, Google Cloud Platform, Dolby, Cleanvoice, Sieve, plus Meta/TikTok for marketing analytics)

    trust.veed.io

    // Products & data scope

    VEED Web Editor (Free / Pro / Business consumer tiers)Browser-based AI video editor

    data: User-uploaded video, audio and image content; account/profile data; usage analytics

    Free-tier uploaded content may be used to train VEED's AI models unless the account is deleted or upgraded to paid; no DPA available at this tier.

    VEED Mobile AppMobile video editor

    data: User-uploaded video/audio content from mobile devices

    Explicitly excluded from the AI-training data pool per the privacy policy, unlike the web product.

    VEED Enterprise / BusinessEnterprise video platform with contractual controls

    data: Same content types as the web editor, plus admin/org-level account data

    Only tier where a Data Processing Agreement incorporating EU Standard Contractual Clauses is made available; SOC 2 Type II report accessible via trust center request.

    VEED APIProgrammatic video generation/editing API

    data: Video/audio payloads submitted via API calls

    Runs on the same underlying infrastructure and subprocessor list as the web product; no API-specific compliance documentation found.

    // What to watch

    • Third-party badge-aggregator sites (e.g. nudgesecurity.com) claim VEED holds ISO 27001, HIPAA, PCI DSS, FedRAMP, and CSA STAR certifications. None of these appear on VEED's own trust center, security page, or privacy/support articles, and VEED's Code of Conduct explicitly asks users not to upload HIPAA-regulated data - treat the aggregator's claims as unverified over-claims, not vendor-asserted facts.
    • Free-tier user content is used by default to train VEED's AI models; opting out requires deleting the account or moving to a paid plan rather than a simple toggle, which is a meaningful privacy caveat for free-tier users.
    • DPA / SCC coverage is limited to Enterprise-tier customers; Free and self-serve paid customers do not appear to have DPA access based on published documentation.
    • VEED's AI-tools terms grant the company a broad, transferable license to host and use AI-generated user images to 'market and improve' its products, beyond what is strictly needed for model training disclosure.

    // At a glance

    Pricing model

    Freemium SaaS subscription (Free, Lite/Pro paid tiers, and a Business/Enterprise tier with custom contracts)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Veed Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.veed.io

    > Browse all vendor trust reports