// Trust & Security Report
Let's Enhance, Inc.
AI-powered product and fashion photography platform for e-commerce image creation and editing
Certifications held
2
Maturity
Growth
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.claid.ai“GDPR COMPLIANT — listed as a compliance status in the trust center; trust center states 'we process personal data in line with GDPR'.”
> Show 10 unconfirmed / not-held certifications
source: trust.claid.aiOur program is continuously monitored through Vanta, and we're working toward SOC 2.
source: trust.claid.aiNo public evidence of ISO 27001 certification found on vendor domain.
source: claid.aiNo public evidence of HIPAA compliance or BAA availability found on vendor domain.
source: claid.aiNo public evidence of PCI DSS certification found on vendor domain.
source: claid.aiNo public evidence of ISO 27017 certification found on vendor domain.
source: claid.aiNo public evidence of ISO 27018 certification found on vendor domain.
source: claid.aiNo public evidence of ISO 27701 certification found on vendor domain.
source: claid.aiNo public evidence of ISO/IEC 42001 AI management certification found on vendor domain.
source: claid.aiNo public evidence of CSA STAR certification or listing found on vendor domain.
source: claid.aiNo public evidence of FedRAMP authorization found on vendor domain.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
USA (primary subprocessors Amazon Web Services and Google Cloud Platform are both USA-based; no EU or regional data residency option is publicly documented)
Ambiguous. The privacy policy states 'Claid has access to these media and uses automated systems to analyze them for security purposes, fraud prevention, compliance with legal and regulatory requirements, investigations of potential misconduct, product development and improvement, research, and customer or technical support.' The phrase 'product development and improvement' is not clearly defined and could encompass model training. The terms of service grant Claid an 'irrevocable, perpetual, transferable, sublicensable...royalty-free...right' to use customer content in 'de-identified form' for 'data analysis, customer research, developing new products or features, and identifying usage trends.' Claid also states it owns resulting de-identified datasets. Separately, the ToS prohibits customers from using the service to 'generate training data' for their own AI models. No explicit opt-out mechanism for AI model training is published. Prospective enterprise customers should request clarification in the DPA.
// Security controls
Encryption in transit
Confirmed. Trust center lists 'Data transmission encrypted' as an active product security control, and states 'Data is encrypted in transit and at rest'.
trust.claid.aiEncryption at rest
Confirmed. Trust center states 'Data is encrypted in transit and at rest'.
trust.claid.aiEncryption key management
Trust center lists 'Encryption key access restricted' as an infrastructure security control.
trust.claid.aiAccess controls
Trust center lists 'Unique production database authentication enforced' and 'Unique account authentication enforced' as active infrastructure controls.
trust.claid.aiVulnerability management
Trust center lists 'Vulnerability and system monitoring procedures established' as an active product security control.
trust.claid.aiContinuous compliance monitoring
Monitored through Vanta. Trust center states 'Our program is continuously monitored through Vanta'.
trust.claid.aiBusiness continuity and DR
Trust center lists 'Continuity and Disaster Recovery plans established' and 'Continuity and Disaster Recovery plans tested' as active internal security procedure controls.
trust.claid.aiAnti-malware
Trust center lists 'Anti-malware technology utilized' as an organizational security control.
trust.claid.aiAsset disposal
Trust center lists 'Asset disposal procedures utilized' as an organizational security control.
trust.claid.aiData classification
Trust center lists 'Data classification policy established' and 'Data retention procedures established' as active data and privacy controls.
trust.claid.aiSubprocessors
Amazon Web Services (cloud provider, USA - processing and storing images), Google Cloud Platform (cloud provider, USA - processing and storing data), Cloudflare (CDN, USA), Amplitude (data analytics, USA - metrics and usage data for web app).
trust.claid.ai// Products & data scope
data: User-uploaded product and fashion images; account data; usage analytics
Consumer-facing no-code studio with tools for AI photoshoot, background removal, upscaling, model generation, and video creation. Free trial available. Credit-based usage model.
data: Programmatically uploaded images; API credentials; usage telemetry
Used by marketplaces and retailers to process large volumes of images. Separate API pricing. Enterprise customers likely have access to a DPA and dedicated support.
data: Enterprise image assets; custom brand data; custom model training possible
Offers custom workflows, brand-specific background and color controls, and forward-deployed creative services. Terms reference a separate Master Services Agreement (MSA) for enterprise customers. No public mention of enterprise-specific data residency or enhanced compliance tiers.
// What to watch
- SOC 2 not yet achieved: vendor explicitly states 'working toward SOC 2' on trust center - do not represent as certified
- AI training posture is ambiguous: privacy policy allows use of uploaded media for 'product development and improvement' and ToS grants perpetual royalty-free rights to de-identified customer content - enterprise buyers should demand written clarification in the DPA
- De-identified data ownership claimed by vendor: ToS states Claid owns resulting de-identified datasets derived from customer uploads
- No ISO 27001 or any other third-party certified information security standard held
- No HIPAA coverage - platform is not suitable for healthcare workloads involving PHI
- All subprocessors are USA-based; no EU data residency available - may require additional GDPR transfer mechanisms for EU data controllers
- DPA referenced in privacy policy but no direct public URL provided; must be requested from vendor
- Legal entity 'Let's Enhance, Inc.' (footer copyright) differs from product brand 'Claid.ai' - the company rebranded from Let's Enhance to Claid; verify entity continuity in contracts
- GDPR compliance is self-attested only, not third-party audited
// At a glance
Pricing model
Credit-based subscription (monthly credit allocation usable across all features); free tier available; separate API pricing; Enterprise via custom contract
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Let's Enhance, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.claid.ai