About TrustKit

Helping European businesses choose AI tools they can trust — with independent, consistent compliance scores.

Why we built this

Adopting AI tools as a European business has become genuinely complicated. Tools that look identical on the surface can differ dramatically in where they store your data, which laws apply, and whether they use your inputs to train their models.

Marketing pages don't answer these questions clearly. Legal teams spend hours digging through DPAs and ToS documents that are designed to obscure rather than inform. We built TrustKit to cut through that — one consistent scoring framework, applied to every tool in the directory.

The result is a score between 1 and 25, expressed as a percentage, that lets you compare tools at a glance and drill into the detail when you need it.

The TrustKit Score

Five dimensions, each scored 1–5. Total out of 25, shown as a percentage.

Data Residency

Where is your data stored and processed?

5: Data stored exclusively in EU/EEA
4: EU/EEA option available and enforceable
3: EU option available but not guaranteed
2: Data may leave EU/EEA
1: Data processed and stored in US or unknown regions

Legal Jurisdiction

Which laws govern the company and your data?

5: EU-headquartered, subject only to EU law
4: EU entity, parent outside EU but with strong DPA
3: UK/EEA entity with adequacy decision
2: US entity with EU SCCs in place
1: Subject to CLOUD Act or equivalent surveillance laws

Data Retention & Training

Is your data used for model training?

5: No training on customer data, zero retention option
4: No training; data deleted on request within 30 days
3: Opt-out of training available; default retention applies
2: Training opt-out unclear or buried
1: Data used for training by default, no opt-out

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

5: ISO 27001 + SOC 2 Type II + sector-specific certs
4: ISO 27001 or SOC 2 Type II
3: SOC 2 Type I or Cyber Essentials Plus
2: Basic security certifications only
1: No independent security certifications

Regulatory Fit

Suitability for regulated industries and professional services

5: Purpose-built for regulated industries (legal, finance, health)
4: Actively supports regulated use cases with documentation
3: Suitable with configuration; BAAs/DPAs available
2: General-purpose; limited regulated industry support
1: Not suitable for regulated use without significant mitigation

Score Tiers

Excellent: 22–25 pts (88–100%)
Strong: 17–21 pts (68–84%)
Moderate: 12–16 pts (48–64%)
Caution: 7–11 pts (28–44%)
Risk: 1–6 pts (4–24%)

About this project

TrustKit is an independent project. Scores are based on publicly available information including privacy policies, data processing agreements, security documentation, and regulatory guidance. We update scores as tools change their data practices. If you spot an error or want to suggest a tool for review, you can reach us at [email protected].

Some links in the directory are affiliate links — we may earn a small commission if you purchase via them, at no cost to you. Commercial relationships have no influence on Trust Scores, which are assessed using the same methodology for every tool regardless of whether an affiliate relationship exists.

Ready to compare tools?

Browse our directory of 250+ AI tools, all scored on the same 5-dimension framework.