// Trust & Security Report

    Voice AI Inc logo

    Voice AI Inc

    Voice.ai is an AI voice platform offering Voice Agents (automated phone agents), Text-to-Speech, Voice Cloning, Voice Changer, and Audio Tools. Core products include: Voice AI Agents (inbound/outbound call automation for enterprise), Text-to-Speech (multi-language, real-time), Voice Cloning (10-second audio samples), and consumer Voice Changer tools. Deployable on-premise, in cloud, or via API.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 5 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    Listed on the enterprise page ('SOC 2 Type II') as a compliance claim, but no public audit report, trust center, or verification link found. No SOC 2 evidence appears in the privacy policy or elsewhere on the site, and https://voice.ai/security returns 404. Vendor would need to provide the audit report under NDA to verify.

    source: voice.ai
    ISO 27001
    NOT CONFIRMED

    Claimed on enterprise page, but no public certificate, audit report, or verification link found. No trust center or compliance documentation page exists.

    source: voice.ai
    HIPAA
    NOT CONFIRMED

    Vendor claims HIPAA-compliance capability and advertises 'signed BAAs ready' on enterprise page. On-premise deployment supports HIPAA by keeping data local. However, no formal HIPAA BAA template, signed agreement, or audit proof is publicly available. HIPAA is a regulatory framework requiring BAA signature; BAA readiness ≠ formal compliance certification.

    source: voice.ai
    GDPR
    NOT CONFIRMED

    Vendor explains GDPR compliance principles (lawfulness, data minimization, encryption, access controls) but provides no formal GDPR certification, Data Protection Impact Assessment, or third-party verification. GDPR is a regulatory posture, not a certificate; vendor support for GDPR principles ≠ formal certification.

    source: voice.ai
    PCI DSS Level 1
    NOT CONFIRMED

    Claimed in aggregate marketing language ('PCI Level 1') but no public certificate, audit scope, or compliance documentation found.

    source: voice.ai

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not offered

    Data region

    Not publicly specified. US-based cloud hosting or customer-controlled on-premise deployment (for on-prem, PII and transcripts stay within the customer network per https://voice.ai/ai-voice-agents/on-premise/). Company is incorporated in Delaware, US (governing law per Terms of Service); incorporation state does not necessarily indicate data hosting location.

    Terms of Service Section 4 ('Your Content') grants Voice.ai a perpetual license to 'train and refine Voice.ai's models' from all user Input (voice recordings, text, scripts, call flows, etc.). Users can disable 'metamodel training' (hardware utilization for computation), but model training on input appears to be default. No Data Processing Agreement (DPA) found; privacy policy covers GDPR lawful bases but no formal DPA is documented.

    // Security controls

    Encryption in Transit

    End-to-end encryption claimed; zero-retention mode option available

    voice.ai

    Encryption at Rest

    Claimed, specific algorithm/key management not detailed

    voice.ai

    Access Controls

    Strict access controls claimed; on-premise deployment restricts data access to local network

    voice.ai

    Data Residency

    Cloud (US-based) or on-premise deployment available; Sub-100ms local processing for on-prem

    voice.ai

    Authentication

    Single Sign-On (SSO) support mentioned for enterprise

    voice.ai

    Audit & Compliance Monitoring

    No public audit reports, penetration testing, or independent security assessment found

    // Products & data scope

    Voice AI AgentsConversational AI / Voice Automation

    data: Call recordings, transcripts, customer data (phone numbers, appointment info, etc.)

    Inbound/outbound automated phone agents; enterprise-grade with on-prem & cloud deployment; BAAs available for healthcare

    Text-to-Speech (TTS)Audio Generation

    data: Text input, generated audio output; 15+ languages supported

    Real-time synthesis, studio-quality; no mention of data retention restrictions; on-prem option available

    Voice CloningVoice Synthesis

    data: Audio samples (10 sec min), generated cloned voices

    User-generated voice models; high fidelity; publicly available voices subject to platform controls

    Voice Changer (Consumer)Audio Effect / Real-time Transformation

    data: Real-time audio stream, user voice

    Free/consumer product; streaming/gaming use case; no enterprise compliance framing

    // What to watch

    • Over-claim: The enterprise page (https://voice.ai/enterprise) lists 'SOC 2 Type II', 'ISO 27001 compliant', 'HIPAA', 'GDPR', and 'PCI Level 1' as compliance claims, but NO public audit reports, certificates, or trust center exist to substantiate them. The privacy policy does not mention any of these certifications, and https://voice.ai/security returns 404. Confidence in the cert claims is LOW without public evidence.
    • No Trust Center: Attempted fetch to https://voice.ai/security returned 404. No dedicated compliance or trust center page found. All claims appear only on product/marketing pages.
    • Model Training on User Data: Terms grant Voice.ai perpetual license to train models on all user input (voice, text, scripts). Users can opt out of 'metamodel training' (hardware utilization) but not model training. Potential concern for IP-sensitive use cases.
    • HIPAA Claims Are Conditional: Vendor claims 'HIPAA compliance' and 'signed BAAs ready,' but (a) no actual BAA template is publicly available, (b) HIPAA is a regulatory framework requiring BAA signature—BAA readiness is not the same as compliance certification, and (c) healthcare buyers must verify current BAA terms and SOC 2 coverage before deployment.
    • Identity Verified: Legal entity is Voice AI Inc (Delaware), domain https://voice.ai is official vendor site (TOS copyright confirms this). No conflation risk with other 'Voice AI' products identified.
    • Maturity Assessment: Vendor has enterprise features (on-prem, BAAs, SSO), active product development, and scaled customer base. However, absence of public certifications and trust center is unusual for an 'enterprise' vendor claiming SOC 2/ISO. Classified as 'growth' rather than 'enterprise' due to lack of formal compliance documentation.

    // At a glance

    Pricing model

    Freemium (voice changer, basic TTS) + Subscription (voice agents, enterprise API access); Pay-per-use for high-volume; Quoted enterprise pricing available

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Voice AI Inc's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    voice.ai

    > Browse all vendor trust reports