// Trust & Security Report

    Visible.vc, Inc. logo

    Visible.vc, Inc.

    Investor relationship / private-markets platform for founders and VCs. Founder side: fundraising pipelines, pitch decks, data rooms, investor updates. Investor side: portfolio monitoring, LP reporting, fund dashboards, and an AI/MCP layer (AI Inbox, AI Updates, AI Docs, MCP Server) for connecting portfolio data to LLMs.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    Visible is SOC 2 certified, performs regular penetration testing, and 24/7 continuous monitoring.

    Verify on visible.vc
    GDPR (posture, not a certification)
    HELD

    We have appointed a Data Protection Officer to oversee our GDPR compliance efforts. ... Visible may transfer your data to countries outside the European Economic Area using appropriate safeguards when necessary.

    Verify on visible.vc
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence. Not mentioned on any vendor-domain page (for-investors, for-founders, ai-mcp-server, gdpr, privacy, dpa, subprocessor-list) as of this review.

    source: visible.vc
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA compliance, Business Associate Agreement, or healthcare-specific controls anywhere on visible.vc. Product is positioned for startup/VC fundraising and portfolio monitoring, not healthcare data.

    source: visible.vc
    PCI DSS
    NOT CONFIRMED

    Visible does not receive your credit card, debit card or other financial information (payments are redirected to Stripe); no PCI DSS attestation is claimed by Visible itself since it does not directly handle cardholder data.

    source: visible.vc
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence. No AI-governance-specific certification mentioned on any vendor page despite the product shipping AI features (AI Inbox, AI Updates, AI Docs, MCP Server).

    source: visible.vc
    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR registration or certification on any vendor-domain page.

    source: visible.vc
    FedRAMP
    NOT CONFIRMED

    No public evidence; product is not marketed to US federal government customers.

    source: visible.vc

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Personal Information may be transferred to, stored in, and processed in the United States. Subprocessor list shows AWS and Heroku (both US-based cloud hosts) as primary hosting/storage providers. EU/UK/Switzerland transfers are governed by SCCs per the DPA.

    Terms of Service define 'Benchmark Data' as statistical, system, usage, and configuration data that is 'aggregated, de-identified, or anonymized,' and grant Visible 'the right to use Benchmark Data to develop modifications, improvements, and enhancements to the Visible Platform.' This only clearly covers aggregated/de-identified data, not raw customer content. Neither the Privacy Policy, Terms, nor the AI/MCP product page state whether raw customer content (decks, updates, financials) is used to train or fine-tune AI models, and no opt-out mechanism for AI features is described. Flagged as unresolved because the product actively markets AI features (AI Inbox parses financials/decks/emails) without a published AI-data-use policy.

    // Security controls

    SOC 2 status

    SOC 2 certified per vendor's own marketing copy (note: SOC 2 is technically an attestation report from a licensed CPA firm, not a 'certification'; Visible's own site uses the word 'certified'). Report/auditor name and Type 1 vs Type 2 are not disclosed on any public vendor page.

    visible.vc

    Encryption in transit

    All data sent to or from Visible is encrypted using TLS 1.2.

    visible.vc

    Encryption at rest

    All customer data is encrypted at rest using AES-256.

    visible.vc

    Penetration testing

    Regular penetration testing performed (frequency/vendor not disclosed).

    visible.vc

    Monitoring

    24/7 continuous monitoring.

    visible.vc

    Secure SDLC

    Code changes are automatically scanned for vulnerabilities, peer-reviewed, and tested against automated test suites.

    visible.vc

    Backups

    Regular backups are stored separately from the backend infrastructure.

    visible.vc

    DPA / sub-processor transparency

    Published Data Processing Addendum and a public sub-processor list (AWS, Heroku, Twilio/Segment, Twilio/Sendgrid, Intercom, HubSpot, Stripe, Google, Honeybadger, Zoom).

    visible.vc

    // Products & data scope

    Visible for Founders (Starter/Base/Core/Growth plans)Fundraising / investor relations SaaS

    data: Pitch decks, cap table-adjacent metrics, investor contact data, data rooms, investor updates.

    Self-serve, credit-card signup, tiered pricing from free (Starter) to $199-249/mo (Growth).

    Visible for Investors (Essential/Premium/Enterprise plans)Portfolio monitoring / LP reporting SaaS

    data: Portfolio company financials and KPIs, fund performance data, LP reporting data, benchmark data across portfolio.

    Contact-for-pricing tiers; Enterprise adds API access and custom SLA/MSA. Premium/Enterprise add AI Inbox (parses emails/financials/decks).

    AI / MCP ServerAI integration layer

    data: Connects Visible's portfolio/company data to external LLMs via Model Context Protocol; AI Inbox parses financials, decks, and emails.

    No published AI-training or AI-data-retention policy found; treat customer content sent through AI features as unresolved until Visible publishes a specific AI data-use statement.

    // What to watch

    • No dedicated trust center or standalone /security page exists; SOC 2, encryption, and monitoring claims are stated only as marketing copy on the /for-investors/ and /for-founders/ landing pages, with no auditor name, report type (Type 1 vs Type 2), or report date disclosed. AIFOXX should note this cert is vendor-self-reported without a downloadable report or named auditor.
    • AI features (AI Inbox, AI Updates, AI Docs, MCP Server) are actively marketed but there is no published policy on whether customer content is used to train or improve AI models beyond the generic 'Benchmark Data' (aggregated/de-identified) clause in the Terms of Service. This is a gap, not a confirmed over-claim, but should be verified directly with the vendor before enterprise use.
    • Name-collision risk: several unrelated companies use similar names (Visible Network Labs, Visible.be, Visibility Corporation, Visible Alpha, VisiblePrivacy/visibleprivacy.com).

    // At a glance

    Pricing model

    Tiered SaaS subscription: self-serve free-to-paid plans for founders ($0-$249/mo), contact-sales tiers for investors/VC funds.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Visible.vc, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    visible.vc

    > Browse all vendor trust reports