// Trust & Security Report
Wordfast, LLC
Wordfast translation memory (TM) software family: Wordfast Classic (MS Word-based desktop plugin), Wordfast Pro (standalone multi-platform desktop tool), Wordfast Anywhere (free browser-based cloud TM tool), and Wordfast Server (server-based TM for agencies/enterprises)
Certifications held
0
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: wordfast.comNo public evidence of a SOC 2 report or attestation. The candidate subdomains trust.wordfast.com, security.wordfast.com, and compliance.wordfast.com all resolve to the generic marketing homepage rather than a distinct trust/security page, and neither the privacy policy nor the 2011 'Wordfast Strengthens Policies Regarding Security and Privacy' notice references SOC 2.
source: wordfast.comNo public evidence of ISO 27001 certification anywhere on wordfast.com or wordfast.net; not mentioned in the privacy policy, security notice, or product pages.
source: wordfast.comNo public evidence of HIPAA compliance or Business Associate Agreement (BAA) availability. The company offers customer NDAs on request but does not reference HIPAA, PHI, or BAAs anywhere on its public site.
source: wordfast.comNo public evidence of PCI DSS. Purchases are handled by license/store checkout; no PCI attestation is published. Not treated as a materially relevant cert for this product category beyond standard payment processing.
source: wordfast.comNo public evidence found on wordfast.com or wordfast.net.
source: wordfast.comNo public evidence found. Wordfast's machine-translation features are third-party MT engine integrations (e.g. connecting to external MT providers within Wordfast Pro); no AI governance certification is published.
source: wordfast.comNo public evidence found; Wordfast does not market to US federal government buyers on its public site.
source: wordfast.comPrivacy policy states: 'Wordfast is Privacy Shield certified and a regular user of EU Model Clauses. Both programs to transfer personal data from Europe to the U.S. will remain valid and available under the GDPR.' The EU-US Privacy Shield framework was invalidated by the CJEU's Schrems II ruling in July 2020 and replaced by the EU-US Data Privacy Framework (DPF) in 2023; no current Wordfast listing was found via search on the official DPF program. Treat this as a stale/outdated legal claim, not a currently valid certification.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Privacy policy states personal data is stored 'in Wordfast's data centers in the United States and/or Europe' for account/service data; Wordfast Anywhere content lives on Wordfast's hosted servers, while Classic, Pro, and Server products do not send translation memory content off the customer's own computer or self-hosted server.
No public statement on whether translation content uploaded to Wordfast Anywhere or processed via Wordfast Pro's machine-translation connectors is used to train Wordfast's own models. Wordfast Pro's MT features route text to third-party MT engines the customer configures (data handling then governed by that third party's policy); Wordfast Classic, Pro, and Server keep translation memories on the customer's own machine or self-hosted server and are not transmitted to Wordfast. Only Wordfast Anywhere is hosted by Wordfast, and its privacy policy does not address AI/ML training use of stored content. Absent explicit confirmation, this must be graded null/unknown rather than assumed either way.
// Security controls
Encryption in transit
'To increase the security of data transmitted between the customer's browser and Wordfast's server, Wordfast has established an encrypted link by activating SSL (Secure Sockets Layer) on its server.' This statement is from a 2011 company notice; no more recent, dated confirmation of current TLS practices was found on the vendor's site.
wordfast.comConfidentiality / NDA availability
'Upon request, Wordfast will sign Non-Disclosure Agreements with any customer who wishes to have a written contract regarding the confidentiality of their data.'
wordfast.comAccount isolation (Wordfast Anywhere)
Each Wordfast Anywhere user gets a private, password-protected workspace on the centralized server, described as never shared with third parties. This is sourced from the community wiki (wordfast.net), a Wordfast-operated but less formal channel than the main privacy policy, so treat as directional rather than an authoritative security control statement.
wordfast.netEncryption at rest / infra hardening
No public evidence found. No statement on data-at-rest encryption, key management, network segmentation, or vulnerability management program.
wordfast.comBug bounty / independent audits
No public bug-bounty program or independent penetration-test/audit disclosure found.
wordfast.com// Products & data scope
data: Translation memories and glossaries reside on the customer's own computer; not transmitted to or stored by Wordfast.
Lowest data-exposure product in the family; effectively no vendor-side data handling to assess.
data: Runs locally; translation content stays on the customer's machine unless the customer configures a connection to a remote TM/glossary server or a third-party machine-translation engine.
MT connectors route content to whichever third-party MT provider the customer configures; that provider's data policy then applies, not Wordfast's.
data: The only product where translation content and account data are hosted on Wordfast's own servers (US and/or EU data centers per the privacy policy).
Free tier tool; the privacy policy's GDPR/data-storage language applies most directly here. No dedicated enterprise security documentation found for this product.
data: Deployed on the customer's or agency's own infrastructure (quote-based licensing); not a Wordfast-hosted service.
Self-hosted, so most infrastructure security controls are the customer's own responsibility rather than Wordfast's.
// What to watch
- No dedicated trust/security/compliance page exists: trust.wordfast.com, security.wordfast.com, and compliance.wordfast.com all resolve to the generic marketing homepage rather than distinct content, and no SOC 2, ISO 27001, or HIPAA material was found anywhere on wordfast.com or wordfast.net.
- Stale/outdated legal claim: the current privacy policy still asserts Wordfast is 'Privacy Shield certified,' but the EU-US Privacy Shield framework was invalidated by the CJEU in 2020 and replaced by the EU-US Data Privacy Framework in 2023. This looks like unmaintained legal copy rather than an active certification and should not be surfaced as a current cert.
- Multi-product data exposure varies sharply within the same vendor: Classic/Pro/Server keep customer content off Wordfast's infrastructure entirely, while Wordfast Anywhere (the free product) is the only one actually hosted by Wordfast. A single vendor-level security rating would be misleading; list per-product data scope.
- No public Data Processing Agreement (DPA); GDPR data-subject requests are handled via an email address (privacyrequests@wordfast.com) rather than a self-serve DPA or trust portal.
- No public statement on whether Wordfast Anywhere content or MT connector traffic is used to train any Wordfast-operated model; graded as unknown (null), not assumed absent.
// At a glance
Pricing model
Perpetual/subscription licenses for Classic and Pro; quote-based licensing for Server; Wordfast Anywhere is free
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Wordfast, LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
wordfast.com