// Trust & Security Report
Viggle Inc.
Consumer/creator AI motion & video platform: Viggle (Meme Maker, Mix, Motion Control, Real-Time Swap, image/video generation), PINOC (video-to-3D skeletal motion capture, exports FBX/GLB), Fight Anyone 3D (character game), plus a developer API for programmatic character-animation generation.
Certifications held
0
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: viggle.aiNo public evidence. No trust center, security page, or cert badge found on viggle.ai; only a Privacy Policy and Terms of Use are published.
source: viggle.aiNo public evidence on the vendor's own domain.
source: viggle.aiNo public evidence of a HIPAA program or BAA offering. Product is a consumer/creator video tool, not marketed for healthcare data.
source: viggle.aiNo public evidence on the vendor's own domain. Payment processing is presumably handled by a third-party payment provider (not confirmed), not disclosed as Viggle's own PCI scope.
source: viggle.aiNo public evidence; not applicable to this consumer-facing product line.
source: viggle.aiNo public evidence of an AI-governance certification program.
source: viggle.aiPrivacy policy addresses GDPR data-subject rights (access, correction, restriction, objection, portability) and names an EU/international complaint path, but this is a stated policy posture, not a third-party-audited certification, so it is graded separately under privacy below rather than as a held cert.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Not offered
Data region
Primary processing in the United States; breach-notification language references Canadian federal (Office of the Privacy Commissioner of Canada) and Quebec (Commission d'acces a l'information) authorities, suggesting the policy is drafted to cover Canadian users/entity ties in addition to a US processing base. No EU data-residency commitment or Standard Contractual Clauses were found in public text.
Per the vendor's own privacy policy: extracted skeletal/motion data used to generate a video is 'not stored or retained after your video is generated,' and Viggle states it does 'not store users' face data, nor... share any user-related face data with third parties.' However, the same policy separately states that uploaded images (excluding the extracted data) and generated content ARE used 'to improve our services, including to train and improve our AI models.' No public self-service opt-out from this training use was found. Independent third-party reviews (not vendor-controlled, e.g. softwarecurio.com) allege uploaded content and facial likeness may be retained and used in training indefinitely, even post-deletion -- this contradicts the vendor's own 'not stored/retained' language and could not be independently confirmed or refuted; flagged below rather than resolved.
// Security controls
Encryption in transit
Vendor states it uses SSL/TLS encryption to protect data during transmission.
viggle.aiGeneral security controls
Vendor claims 'industry-standard security measures' and periodic review of practices; no specifics (encryption-at-rest, pen-testing cadence, access controls) are disclosed publicly.
viggle.aiSubprocessors
Discloses use of Sentry (crash diagnostics, configured to exclude default PII such as IP address; session-replay masks sensitive text inputs by default) and AppsFlyer (marketing attribution / install fraud detection), both processing on US servers.
viggle.aiBreach notification
States it will notify affected individuals and relevant privacy regulators (Canada's OPC, and Quebec's CAI where applicable) in the event of a breach posing real risk of significant harm.
viggle.aiAccount security
Terms require users to keep account/authentication credentials secure and report unauthorized use immediately; standard user-side control, not an org-level security program.
viggle.ai// Products & data scope
data: User-uploaded images, reference videos, and generated outputs; per privacy policy this content may be used to train Viggle's AI models.
Core consumer product, web + mobile app; content is stated to be cleared for commercial use.
data: Video footage submitted for skeletal/motion extraction; exports FBX/GLB.
Marketed as mocap-suit-free 3D animation extraction; separate product page, same corporate privacy policy presumably applies.
data: User-customized characters and generated 3D motions/scenes.
Built on Viggle's 3D generation model; consumer game, not an enterprise product.
data: Programmatic uploads for batch character-animation generation, webhook-delivered outputs; per public marketing, available on Pro tier and above.
No public evidence of enterprise-specific security terms, a Data Processing Agreement, or a Business Associate Agreement for API/enterprise customers; buyers handling regulated or sensitive data should request these directly from Viggle before integrating.
// What to watch
- Recommend a follow-up direct verification pass (e.g. headless browser) before publishing high-confidence cert badges.
- Over-claim risk: a third-party vendor-risk aggregator (Nudge Security) lists Viggle as broadly 'PCI / HIPAA / SOC 2 / GDPR / ISO 27001 / FedRAMP / CSA STAR Compliant.' This claim does NOT appear on Viggle's own domain, has no accompanying proof, and looks templated/unverified. It must NOT be treated as vendor-asserted compliance and none of those certs are graded held=true here.
- Unresolved contradiction: Viggle's own privacy policy says extracted/face data is 'not stored or retained,' but independent reviews allege uploaded content and facial likeness may be retained indefinitely and used in training even after account deletion. Could not independently confirm or refute this discrepancy; needs vendor confirmation before any listing claims 'no data retention.'
- AI training on user-uploaded images/content is enabled per the public privacy policy with no visible self-service opt-out; relevant for any user uploading identifiable likenesses.
- No DPA, BAA, or SCC documentation found publicly; not suitable for regulated (health, biometric-sensitive, or contractually-DPA-required) workflows without a signed agreement obtained directly from Viggle.
// At a glance
Pricing model
Freemium consumer subscription tiers with a paid Pro tier; API/developer access gated behind Pro tier and above.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Viggle Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
viggle.ai