We handle security so your team doesn't

Yes. Photoroom holds a SOC 2 Type 2 attestation scoped to our API service. The most recent report (April 2026) and current controls are available in the Trust Center. If your procurement requires evidence on a different scope, raise it with the sales team early.

Yes to both. We operate under GDPR principles, with a documented sub-processor list, a defined breach notification process, and personal data anonymization before any model training. A Data Processing Agreement is available for Enterprise customers through your account team.

It depends on your contract.

• Enterprise contracts: no by default. Training only happens if explicitly agreed in writing.

• Self-serve API plans: yes by default, with a customer-controlled opt-out in account settings.

• All plans: training data and production data are stored separately. Training-data access is restricted to ML team members, with every access logged.

Our infrastructure runs on Google Cloud Platform and Amazon Web Services in the United States. Data in transit is encrypted with TLS 1.2 or higher (managed through Cloudflare). Data at rest is encrypted at the infrastructure layer by GCP and AWS. EU-only data residency isn't available today. If regional residency is a contract requirement, raise it with sales early.

Sync API images are discarded as soon as the response returns. Async API images are retained briefly while the job runs, then discarded. Operational logs are deleted after 15 days. API access logs are retained for one year, available to support security investigations and audit requests.

GCP and AWS for hosting and storage, Cloudflare for CDN, security, and DNS, Datadog for event logging and API parameter logs, and Vercel for hosting. The current list is published in the Trust Center.

One incident on record (October 2024): a 30-minute service availability disruption. No customer data was compromised. The event was documented and reviewed against our incident response process.

Yes. App users can opt out of contributing to model improvement through a toggle in account settings. When data is used for training, personal data is anonymized first. Note: this is separate from the API customer commitment, where the default is contract-determined (Enterprise: no by default; self-serve: opt-out available).