// Trust & Security Report
Visible.vc, Inc.
Investor relationship / private-markets platform for founders and VCs. Founder side: fundraising pipelines, pitch decks, data rooms, investor updates. Investor side: portfolio monitoring, LP reporting, fund dashboards, and an AI/MCP layer (AI Inbox, AI Updates, AI Docs, MCP Server) for connecting portfolio data to LLMs.
Certifications held
2
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on visible.vc“Visible is SOC 2 certified, performs regular penetration testing, and 24/7 continuous monitoring.”
Verify on visible.vc“We have appointed a Data Protection Officer to oversee our GDPR compliance efforts. ... Visible may transfer your data to countries outside the European Economic Area using appropriate safeguards when necessary.”
> Show 6 unconfirmed / not-held certifications
source: visible.vcNo public evidence. Not mentioned on any vendor-domain page (for-investors, for-founders, ai-mcp-server, gdpr, privacy, dpa, subprocessor-list) as of this review.
source: visible.vcNo public evidence of HIPAA compliance, Business Associate Agreement, or healthcare-specific controls anywhere on visible.vc. Product is positioned for startup/VC fundraising and portfolio monitoring, not healthcare data.
source: visible.vcVisible does not receive your credit card, debit card or other financial information (payments are redirected to Stripe); no PCI DSS attestation is claimed by Visible itself since it does not directly handle cardholder data.
source: visible.vcNo public evidence. No AI-governance-specific certification mentioned on any vendor page despite the product shipping AI features (AI Inbox, AI Updates, AI Docs, MCP Server).
source: visible.vcNo public evidence of CSA STAR registration or certification on any vendor-domain page.
source: visible.vcNo public evidence; product is not marketed to US federal government customers.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
Personal Information may be transferred to, stored in, and processed in the United States. Subprocessor list shows AWS and Heroku (both US-based cloud hosts) as primary hosting/storage providers. EU/UK/Switzerland transfers are governed by SCCs per the DPA.
Terms of Service define 'Benchmark Data' as statistical, system, usage, and configuration data that is 'aggregated, de-identified, or anonymized,' and grant Visible 'the right to use Benchmark Data to develop modifications, improvements, and enhancements to the Visible Platform.' This only clearly covers aggregated/de-identified data, not raw customer content. Neither the Privacy Policy, Terms, nor the AI/MCP product page state whether raw customer content (decks, updates, financials) is used to train or fine-tune AI models, and no opt-out mechanism for AI features is described. Flagged as unresolved because the product actively markets AI features (AI Inbox parses financials/decks/emails) without a published AI-data-use policy.
// Security controls
SOC 2 status
SOC 2 certified per vendor's own marketing copy (note: SOC 2 is technically an attestation report from a licensed CPA firm, not a 'certification'; Visible's own site uses the word 'certified'). Report/auditor name and Type 1 vs Type 2 are not disclosed on any public vendor page.
visible.vcPenetration testing
Regular penetration testing performed (frequency/vendor not disclosed).
visible.vcSecure SDLC
Code changes are automatically scanned for vulnerabilities, peer-reviewed, and tested against automated test suites.
visible.vcDPA / sub-processor transparency
Published Data Processing Addendum and a public sub-processor list (AWS, Heroku, Twilio/Segment, Twilio/Sendgrid, Intercom, HubSpot, Stripe, Google, Honeybadger, Zoom).
visible.vc// Products & data scope
data: Pitch decks, cap table-adjacent metrics, investor contact data, data rooms, investor updates.
Self-serve, credit-card signup, tiered pricing from free (Starter) to $199-249/mo (Growth).
data: Portfolio company financials and KPIs, fund performance data, LP reporting data, benchmark data across portfolio.
Contact-for-pricing tiers; Enterprise adds API access and custom SLA/MSA. Premium/Enterprise add AI Inbox (parses emails/financials/decks).
data: Connects Visible's portfolio/company data to external LLMs via Model Context Protocol; AI Inbox parses financials, decks, and emails.
No published AI-training or AI-data-retention policy found; treat customer content sent through AI features as unresolved until Visible publishes a specific AI data-use statement.
// What to watch
- No dedicated trust center or standalone /security page exists; SOC 2, encryption, and monitoring claims are stated only as marketing copy on the /for-investors/ and /for-founders/ landing pages, with no auditor name, report type (Type 1 vs Type 2), or report date disclosed. AIFOXX should note this cert is vendor-self-reported without a downloadable report or named auditor.
- AI features (AI Inbox, AI Updates, AI Docs, MCP Server) are actively marketed but there is no published policy on whether customer content is used to train or improve AI models beyond the generic 'Benchmark Data' (aggregated/de-identified) clause in the Terms of Service. This is a gap, not a confirmed over-claim, but should be verified directly with the vendor before enterprise use.
- Name-collision risk: several unrelated companies use similar names (Visible Network Labs, Visible.be, Visibility Corporation, Visible Alpha, VisiblePrivacy/visibleprivacy.com).
// At a glance
Pricing model
Tiered SaaS subscription: self-serve free-to-paid plans for founders ($0-$249/mo), contact-sales tiers for investors/VC funds.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Visible.vc, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
visible.vc