// Trust & Security Report

    InitML (owned by Jasper) logo

    InitML (owned by Jasper)

    AI-powered image editing and generation suite including background removal, upscaling, text-to-image generation, object removal, and image enhancement tools; available as web application and API

    Certifications held

    5

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Jasper is compliant with SOC 2, PCI, DPA, CCPA, and GDPR (Jasper security page separately confirms SOC 2 Type II compliance; inherited by Clipdrop as a Jasper-owned product)

    Verify on jasper.ai
    GDPR
    HELD

    Jasper is compliant with SOC 2, PCI, DPA, CCPA, and GDPR

    Verify on jasper.ai
    PCI DSS
    HELD

    Jasper is compliant with SOC 2, PCI, DPA, CCPA, and GDPR

    Verify on jasper.ai
    CCPA
    HELD

    Jasper is compliant with SOC 2, PCI, DPA, CCPA, and GDPR

    Verify on jasper.ai
    DPA (Data Protection Agreement)
    HELD

    Jasper is compliant with SOC 2, PCI, DPA, CCPA, and GDPR

    Verify on jasper.ai
    > Show 2 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification on Jasper's official trust center or security pages (https://security.jasper.ai or https://www.jasper.ai/security). While mentioned in third-party source, not confirmed on vendor's own documentation.

    source: jasper.ai
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA certification on Jasper's official trust center or security pages. HIPAA not mentioned in vendor security documentation accessed. Given Clipdrop's nature as consumer/marketing image tool, HIPAA likely out of scope.

    source: jasper.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    US-East region (Google Cloud Platform), specifically US-East1 and US-East4 zones per parent company (Jasper) infrastructure. No alternative data residency options available.

    Parent company Jasper explicitly states customer data and outputs are never used to train third-party LLMs. However, Clipdrop continues to use Stability AI models which were retained post-acquisition; no explicit confirmation found that Stability AI does not use Clipdrop customer images for model training. This represents a potential gap between Jasper's stated policy and Stability AI's model sourcing practices.

    // Security controls

    Encryption in Transit

    HTTPS using TLS 1.2+ with AES-256 encryption

    jasper.ai

    Encryption at Rest

    AES-256 encryption at storage level

    jasper.ai

    Key Management

    Encryption keys managed and stored securely within Google Cloud Platform; no Jasper personnel have direct key access; all key usage logged and monitored

    jasper.ai

    Penetration Testing

    Annual penetration testing conducted by independent third parties

    jasper.ai

    Vulnerability Scanning

    Weekly internal and external vulnerability scans with severity-based remediation

    jasper.ai

    Authentication

    Multi-factor authentication required for production infrastructure access

    jasper.ai

    Logging & Monitoring

    Centralized logging across production systems with anomaly detection enabled

    jasper.ai

    Employee Security

    Annual security awareness training required for all employees

    jasper.ai

    // Products & data scope

    Clipdrop Web ApplicationImage Editing & Generation

    data: User-uploaded images and generated images; free tier has watermarks and lower priority processing

    Free tier: 15 images/month; Pro tier: $9/month for unlimited generations, no watermarks, commercial license

    Clipdrop APIImage Processing API

    data: Images processed via API calls; requires paid API credits

    API requires purchased credits starting at $9 for 100 credits; includes tools for background removal, upscaling, text-to-image, object removal

    Stable Diffusion IntegrationAI Model

    data: Generates images using Stability AI's Stable Diffusion models

    Stability AI continues to provide and maintain models to Clipdrop post-acquisition by Jasper; users may commercially use generated images

    // What to watch

    • Clipdrop has no public, dedicated trust center or compliance documentation; all compliance references are inherited from parent company Jasper. No explicit statement on Clipdrop's product pages confirming compliance inheritance.
    • Data training practice gap: While parent Jasper explicitly states customer data is not used to train third-party LLMs, Stability AI (which continues to provide Clipdrop's core models) is not bound by this commitment. Unclear whether Stability AI uses Clipdrop-processed images for model improvement.
    • ISO 27001 claimed by third-party (Nudge Security) but not confirmed on Jasper's official trust center or security pages (https://security.jasper.ai or https://www.jasper.ai/security). Cannot verify held=true from primary vendor source.
    • HIPAA not mentioned in any official Jasper documentation; likely out of scope for consumer/marketing image tool but not explicitly addressed.
    • Ownership chain: InitML → Stability AI (Feb 2023) → Jasper (Feb 2024). Stability AI continues model provision. Potential compliance responsibility question with split ownership.
    • Data residency limited to US-East regions only; enterprises requiring EU or APAC residency cannot use Clipdrop under Jasper's infrastructure.
    • Privacy policy and terms of service pages exist but full content could not be accessed for detailed analysis of data retention, user rights, and AI training opt-outs.

    // At a glance

    Pricing model

    Freemium with tiered API credits; free tier 15 images/month, Pro $9/month

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on InitML (owned by Jasper)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    clipdrop.co

    > Browse all vendor trust reports