// Trust & Security Report

    Viggle Inc. logo

    Viggle Inc.

    Consumer/creator AI motion & video platform: Viggle (Meme Maker, Mix, Motion Control, Real-Time Swap, image/video generation), PINOC (video-to-3D skeletal motion capture, exports FBX/GLB), Fight Anyone 3D (character game), plus a developer API for programmatic character-animation generation.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 9 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. No trust center, security page, or cert badge found on viggle.ai; only a Privacy Policy and Terms of Use are published.

    source: viggle.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence on the vendor's own domain.

    source: viggle.ai
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence on the vendor's own domain.

    source: viggle.ai
    HIPAA
    NOT CONFIRMED

    No public evidence of a HIPAA program or BAA offering. Product is a consumer/creator video tool, not marketed for healthcare data.

    source: viggle.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence on the vendor's own domain. Payment processing is presumably handled by a third-party payment provider (not confirmed), not disclosed as Viggle's own PCI scope.

    source: viggle.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence; not applicable to this consumer-facing product line.

    source: viggle.ai
    CSA STAR
    NOT CONFIRMED

    No public evidence on the vendor's own domain.

    source: viggle.ai
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence of an AI-governance certification program.

    source: viggle.ai
    GDPR (posture, not a certification)
    NOT CONFIRMED

    Privacy policy addresses GDPR data-subject rights (access, correction, restriction, objection, portability) and names an EU/international complaint path, but this is a stated policy posture, not a third-party-audited certification, so it is graded separately under privacy below rather than as a held cert.

    source: viggle.ai

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not offered

    Data region

    Primary processing in the United States; breach-notification language references Canadian federal (Office of the Privacy Commissioner of Canada) and Quebec (Commission d'acces a l'information) authorities, suggesting the policy is drafted to cover Canadian users/entity ties in addition to a US processing base. No EU data-residency commitment or Standard Contractual Clauses were found in public text.

    Per the vendor's own privacy policy: extracted skeletal/motion data used to generate a video is 'not stored or retained after your video is generated,' and Viggle states it does 'not store users' face data, nor... share any user-related face data with third parties.' However, the same policy separately states that uploaded images (excluding the extracted data) and generated content ARE used 'to improve our services, including to train and improve our AI models.' No public self-service opt-out from this training use was found. Independent third-party reviews (not vendor-controlled, e.g. softwarecurio.com) allege uploaded content and facial likeness may be retained and used in training indefinitely, even post-deletion -- this contradicts the vendor's own 'not stored/retained' language and could not be independently confirmed or refuted; flagged below rather than resolved.

    // Security controls

    Encryption in transit

    Vendor states it uses SSL/TLS encryption to protect data during transmission.

    viggle.ai

    General security controls

    Vendor claims 'industry-standard security measures' and periodic review of practices; no specifics (encryption-at-rest, pen-testing cadence, access controls) are disclosed publicly.

    viggle.ai

    Subprocessors

    Discloses use of Sentry (crash diagnostics, configured to exclude default PII such as IP address; session-replay masks sensitive text inputs by default) and AppsFlyer (marketing attribution / install fraud detection), both processing on US servers.

    viggle.ai

    Breach notification

    States it will notify affected individuals and relevant privacy regulators (Canada's OPC, and Quebec's CAI where applicable) in the event of a breach posing real risk of significant harm.

    viggle.ai

    Account security

    Terms require users to keep account/authentication credentials secure and report unauthorized use immediately; standard user-side control, not an org-level security program.

    viggle.ai

    // Products & data scope

    Viggle (Meme Maker / Mix / Motion Control / Real-Time Swap / Image & Video Generation)Consumer/creator AI video and character-animation app

    data: User-uploaded images, reference videos, and generated outputs; per privacy policy this content may be used to train Viggle's AI models.

    Core consumer product, web + mobile app; content is stated to be cleared for commercial use.

    PINOCMotion capture / skeletal animation extraction tool

    data: Video footage submitted for skeletal/motion extraction; exports FBX/GLB.

    Marketed as mocap-suit-free 3D animation extraction; separate product page, same corporate privacy policy presumably applies.

    Fight Anyone 3DAI-generated 3D fighting game

    data: User-customized characters and generated 3D motions/scenes.

    Built on Viggle's 3D generation model; consumer game, not an enterprise product.

    Viggle APIDeveloper/API access for programmatic animation generation

    data: Programmatic uploads for batch character-animation generation, webhook-delivered outputs; per public marketing, available on Pro tier and above.

    No public evidence of enterprise-specific security terms, a Data Processing Agreement, or a Business Associate Agreement for API/enterprise customers; buyers handling regulated or sensitive data should request these directly from Viggle before integrating.

    // What to watch

    • Recommend a follow-up direct verification pass (e.g. headless browser) before publishing high-confidence cert badges.
    • Over-claim risk: a third-party vendor-risk aggregator (Nudge Security) lists Viggle as broadly 'PCI / HIPAA / SOC 2 / GDPR / ISO 27001 / FedRAMP / CSA STAR Compliant.' This claim does NOT appear on Viggle's own domain, has no accompanying proof, and looks templated/unverified. It must NOT be treated as vendor-asserted compliance and none of those certs are graded held=true here.
    • Unresolved contradiction: Viggle's own privacy policy says extracted/face data is 'not stored or retained,' but independent reviews allege uploaded content and facial likeness may be retained indefinitely and used in training even after account deletion. Could not independently confirm or refute this discrepancy; needs vendor confirmation before any listing claims 'no data retention.'
    • AI training on user-uploaded images/content is enabled per the public privacy policy with no visible self-service opt-out; relevant for any user uploading identifiable likenesses.
    • No DPA, BAA, or SCC documentation found publicly; not suitable for regulated (health, biometric-sensitive, or contractually-DPA-required) workflows without a signed agreement obtained directly from Viggle.

    // At a glance

    Pricing model

    Freemium consumer subscription tiers with a paid Pro tier; API/developer access gated behind Pro tier and above.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Viggle Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    viggle.ai

    > Browse all vendor trust reports