// Trust & Security Report

    Easy WebContent, LLC (d/b/a Visme) logo

    Easy WebContent, LLC (d/b/a Visme)

    AI-powered visual content platform for presentations, documents, infographics, data visualizations, social graphics, videos, forms/surveys, and whiteboards. Single core web app with tiered plans (Free/Starter, Pro, Business/Teams, Enterprise) plus a beta 'Visme AI Designer' generative feature.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR (posture)
    HELD

    For the purposes of the GDPR and UK GDPR, Easy WebContent, LLC. is the data controller... the right to access; the right to rectification; the right to erasure; the right to restrict processing; the right to object to processing; the right to data portability... we will require those third-party providers to enter into an agreement that provides appropriate safeguards for your information, including by using the EU Model Clauses.

    Verify on visme.co
    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. No SOC 2 mention found on visme.co home page, Privacy Policy, Terms & Conditions, Teams/security page, or Pricing page; visme.co/security returns HTTP 404 and no trust-center subdomain exists. Third-party procurement-aggregator sites (not visme.co) assert SOC 2 compliance but provide no vendor-issued proof and are not usable as evidence.

    source: visme.co
    ISO 27001
    NOT CONFIRMED

    No public evidence. Not mentioned in Privacy Policy, Terms & Conditions, or any security-related marketing page on visme.co.

    source: visme.co
    HIPAA
    NOT CONFIRMED

    No public evidence. No HIPAA or Business Associate Agreement (BAA) language found anywhere on visme.co.

    source: visme.co
    PCI DSS
    NOT CONFIRMED

    No public evidence of a vendor-held PCI DSS attestation on visme.co. Payment processing details are not disclosed on the vendor's own security/legal pages.

    source: visme.co
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence. No AI-governance certification is referenced on the Visme AI product page, Terms & Conditions, or Privacy Policy.

    source: visme.co
    CSA STAR
    NOT CONFIRMED

    No public evidence on visme.co. (A third-party aggregator claimed CSA STAR Level 1, FedRAMP, PCI, and HIPAA compliance for Visme in the same breath, but cited no vendor source and could not be corroborated on visme.co; treated as an unverifiable over-claim.)

    source: visme.co
    FedRAMP
    NOT CONFIRMED

    No public evidence. Not mentioned anywhere on visme.co; FedRAMP applies to US federal cloud vendors and there is no indication Visme has pursued this.

    source: visme.co

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United States (AWS) for primary hosting; EU Model Clauses (SCCs) used for transfers of EEA user data outside the EEA per the Privacy Policy.

    Terms & Conditions section 7.3 ('AI-powered products and tools') states: 'By using Visme's services, you grant permission to Visme to host your input and output on our platform for the purpose of improving our products and services' and 'you are the owner of the input data you provide and the resulting material generated.' It also discloses that AI-feature input data 'will be shared with third-party service providers, such as fal.ai and OpenAI LLC.' This is broad 'improve our products and services' language, not an explicit AI-model-training clause, and no opt-out or tier-based exception is documented, so training use cannot be confirmed or ruled out from vendor text alone.

    // Security controls

    Encryption in transit

    HTTPS for all users; TLS 1.3 for API connections.

    visme.co

    Encryption at rest

    AES-256 encryption at rest, but only stated as available on Enterprise plans (not confirmed for lower tiers).

    visme.co

    SSO / 2FA

    Single sign-on (SAML-based SSO) and two-factor authentication available only on Enterprise plans (minimum 15 seats).

    support.visme.co

    Dedicated security/trust documentation

    No standalone security or trust-center page exists; visme.co/security returns HTTP 404. Security claims are scattered across marketing pages (Teams, Pricing) rather than a formal trust center.

    visme.co

    Uptime

    Marketing page cites 'nearly uninterrupted uptime' (~99.98% referenced) with no formal SLA document found.

    visme.co

    // Products & data scope

    Visme (Free/Personal/Starter)Individual content creation

    data: User-created designs, uploaded assets, account/profile data.

    No SSO/2FA, no AES-256-at-rest commitment; standard HTTPS in transit only.

    Visme for Teams / BusinessTeam collaboration content platform

    data: Shared team assets, brand kits, collaborative projects, member activity/analytics.

    Adds collaboration, asset management, and content-calendar features; security tier same as lower plans per available evidence.

    Visme EnterpriseEnterprise content governance

    data: Same content data plus centralized user/group administration, workspace analytics ('who's doing what').

    Only tier with SSO, 2FA, AES-256 encryption at rest, custom sub-domain, dedicated Customer Success Manager, and 'more project security & services'.

    Visme AI Designer (Beta)Generative AI design

    data: Text prompts and generated design output; processed via third-party AI providers.

    Terms & Conditions disclose that AI-feature input data is shared with third-party processors fal.ai and OpenAI LLC; no separate AI-specific privacy addendum was found.

    // What to watch

    • No trust center or dedicated security page exists on visme.co (visme.co/security returns 404); all security claims are scattered across marketing pages, not a formal compliance program.
    • Third-party aggregator sites (not visme.co) claim Visme is 'SOC 2, GDPR, and ISO 27001 compliant' and even 'PCI, HIPAA, FedRAMP, and CSA STAR Level 1' compliant with no vendor-issued proof; this is an unverifiable over-claim risk that should not be repeated to AIFOXX users without a vendor-domain source.
    • AI training language in the Terms & Conditions ('host your input and output... for the purpose of improving our products and services') is broad and does not explicitly confirm or deny use of customer content to train AI/ML models; no opt-out mechanism is documented.
    • Key security features (SSO, 2FA, AES-256 at rest) are Enterprise-only; lower-tier customers should not assume these protections apply to their data.
    • No Data Processing Agreement (DPA) is referenced in the Privacy Policy; users must contact legal@visme.co to request one, so DPA availability is unconfirmed as a standard offering.

    // At a glance

    Pricing model

    Freemium SaaS with Personal/Starter, Pro/Business (Teams), and custom-quoted Enterprise tiers; Enterprise gates most security controls.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Easy WebContent, LLC (d/b/a Visme)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    visme.co

    > Browse all vendor trust reports