// Trust & Security Report

    Let's Enhance, Inc. logo

    Let's Enhance, Inc.

    AI-powered product and fashion photography platform for e-commerce image creation and editing

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    GDPR COMPLIANT — listed as a compliance status in the trust center; trust center states 'we process personal data in line with GDPR'.

    Verify on trust.claid.ai
    CCPA
    HELD

    Compliance GDPR CCPA COMPLIANT

    Verify on trust.claid.ai
    > Show 10 unconfirmed / not-held certifications
    SOC 2
    NOT CONFIRMED

    Our program is continuously monitored through Vanta, and we're working toward SOC 2.

    source: trust.claid.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found on vendor domain.

    source: trust.claid.ai
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA compliance or BAA availability found on vendor domain.

    source: claid.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found on vendor domain.

    source: claid.ai
    ISO 27017
    NOT CONFIRMED

    No public evidence of ISO 27017 certification found on vendor domain.

    source: claid.ai
    ISO 27018
    NOT CONFIRMED

    No public evidence of ISO 27018 certification found on vendor domain.

    source: claid.ai
    ISO 27701
    NOT CONFIRMED

    No public evidence of ISO 27701 certification found on vendor domain.

    source: claid.ai
    ISO/IEC 42001 (AI Management)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 AI management certification found on vendor domain.

    source: claid.ai
    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR certification or listing found on vendor domain.

    source: claid.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization found on vendor domain.

    source: claid.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    USA (primary subprocessors Amazon Web Services and Google Cloud Platform are both USA-based; no EU or regional data residency option is publicly documented)

    Ambiguous. The privacy policy states 'Claid has access to these media and uses automated systems to analyze them for security purposes, fraud prevention, compliance with legal and regulatory requirements, investigations of potential misconduct, product development and improvement, research, and customer or technical support.' The phrase 'product development and improvement' is not clearly defined and could encompass model training. The terms of service grant Claid an 'irrevocable, perpetual, transferable, sublicensable...royalty-free...right' to use customer content in 'de-identified form' for 'data analysis, customer research, developing new products or features, and identifying usage trends.' Claid also states it owns resulting de-identified datasets. Separately, the ToS prohibits customers from using the service to 'generate training data' for their own AI models. No explicit opt-out mechanism for AI model training is published. Prospective enterprise customers should request clarification in the DPA.

    // Security controls

    Encryption in transit

    Confirmed. Trust center lists 'Data transmission encrypted' as an active product security control, and states 'Data is encrypted in transit and at rest'.

    trust.claid.ai

    Encryption at rest

    Confirmed. Trust center states 'Data is encrypted in transit and at rest'.

    trust.claid.ai

    Encryption key management

    Trust center lists 'Encryption key access restricted' as an infrastructure security control.

    trust.claid.ai

    Access controls

    Trust center lists 'Unique production database authentication enforced' and 'Unique account authentication enforced' as active infrastructure controls.

    trust.claid.ai

    Vulnerability management

    Trust center lists 'Vulnerability and system monitoring procedures established' as an active product security control.

    trust.claid.ai

    Continuous compliance monitoring

    Monitored through Vanta. Trust center states 'Our program is continuously monitored through Vanta'.

    trust.claid.ai

    Business continuity and DR

    Trust center lists 'Continuity and Disaster Recovery plans established' and 'Continuity and Disaster Recovery plans tested' as active internal security procedure controls.

    trust.claid.ai

    Anti-malware

    Trust center lists 'Anti-malware technology utilized' as an organizational security control.

    trust.claid.ai

    Asset disposal

    Trust center lists 'Asset disposal procedures utilized' as an organizational security control.

    trust.claid.ai

    Data classification

    Trust center lists 'Data classification policy established' and 'Data retention procedures established' as active data and privacy controls.

    trust.claid.ai

    Subprocessors

    Amazon Web Services (cloud provider, USA - processing and storing images), Google Cloud Platform (cloud provider, USA - processing and storing data), Cloudflare (CDN, USA), Amplitude (data analytics, USA - metrics and usage data for web app).

    trust.claid.ai

    // Products & data scope

    Claid AI StudioWeb application - AI image editing and generation

    data: User-uploaded product and fashion images; account data; usage analytics

    Consumer-facing no-code studio with tools for AI photoshoot, background removal, upscaling, model generation, and video creation. Free trial available. Credit-based usage model.

    Claid APIDeveloper API - bulk image processing at scale

    data: Programmatically uploaded images; API credentials; usage telemetry

    Used by marketplaces and retailers to process large volumes of images. Separate API pricing. Enterprise customers likely have access to a DPA and dedicated support.

    Claid EnterpriseEnterprise tier - custom AI workflows and forward-deployed creatives

    data: Enterprise image assets; custom brand data; custom model training possible

    Offers custom workflows, brand-specific background and color controls, and forward-deployed creative services. Terms reference a separate Master Services Agreement (MSA) for enterprise customers. No public mention of enterprise-specific data residency or enhanced compliance tiers.

    // What to watch

    • SOC 2 not yet achieved: vendor explicitly states 'working toward SOC 2' on trust center - do not represent as certified
    • AI training posture is ambiguous: privacy policy allows use of uploaded media for 'product development and improvement' and ToS grants perpetual royalty-free rights to de-identified customer content - enterprise buyers should demand written clarification in the DPA
    • De-identified data ownership claimed by vendor: ToS states Claid owns resulting de-identified datasets derived from customer uploads
    • No ISO 27001 or any other third-party certified information security standard held
    • No HIPAA coverage - platform is not suitable for healthcare workloads involving PHI
    • All subprocessors are USA-based; no EU data residency available - may require additional GDPR transfer mechanisms for EU data controllers
    • DPA referenced in privacy policy but no direct public URL provided; must be requested from vendor
    • Legal entity 'Let's Enhance, Inc.' (footer copyright) differs from product brand 'Claid.ai' - the company rebranded from Let's Enhance to Claid; verify entity continuity in contracts
    • GDPR compliance is self-attested only, not third-party audited

    // At a glance

    Pricing model

    Credit-based subscription (monthly credit allocation usable across all features); free tier available; separate API pricing; Enterprise via custom contract

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Let's Enhance, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.claid.ai

    > Browse all vendor trust reports