// Trust & Security Report

    Jasper AI, Inc. logo

    Jasper AI, Inc.

    Jasper is an AI marketing platform featuring 100+ specialized agents for content creation, campaign management, and marketing automation with brand control features (Jasper IQ). Core products include AI Studio, Jasper Grid, Canvas, Marketing AI Editor, and various marketing-specific agents for performance, content, product, brand, and PR marketing.

    Certifications held

    5

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Jasper is SOC 2 Type II certified and complies with GDPR, CCPA, PCI, and DPA requirements, with annual third-party penetration testing.

    Verify on jasper.ai
    GDPR
    HELD

    Jasper is compliant with SOC 2, PCI, DPA, CCPA, and GDPR

    Verify on jasper.ai
    PCI DSS
    HELD

    Jasper is compliant with SOC 2, PCI, DPA, CCPA, and GDPR

    Verify on jasper.ai
    CCPA
    HELD

    Jasper is compliant with SOC 2, PCI, DPA, CCPA, and GDPR

    Verify on jasper.ai
    DPA (Data Processing Agreement)
    HELD

    Data Processing Agreement available. Agreement applies to customers who have signed it or otherwise incorporated it into their contract with Jasper.

    Verify on jasper.ai
    > Show 4 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence found on jasper.ai domain pages. Mentioned in third-party security profiles (Nudge Security) but not confirmed on Jasper's official security, trust, or compliance pages.

    source: jasper.ai
    HIPAA
    NOT CONFIRMED

    HIPAA compliance is referenced for Jasper Health's CARE+ product (separate legal entity/product line), not for the main Jasper AI marketing platform. Main platform serves marketing teams, not healthcare compliance requirements.

    source: jasper.ai
    FedRamp
    NOT CONFIRMED

    No public evidence found on jasper.ai domain pages

    source: jasper.ai
    CSA STAR
    NOT CONFIRMED

    No public evidence found on jasper.ai domain pages

    source: jasper.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    US-based data centers

    Jasper explicitly states: 'Data and intellectual property entered into Jasper is NOT used to train underlying LLMs.' Customer inputs are not used to train Jasper's models or third-party LLM providers. Company does not retain ownership of user outputs.

    // Security controls

    Encryption in Transit

    TLS 1.2 or higher

    jasper.ai

    Encryption at Rest

    AES-256

    jasper.ai

    Database Connections

    SSL encryption with TLS certificates

    jasper.ai

    Penetration Testing

    Annual independent third-party network and application penetration tests; weekly internal and external vulnerability scans

    jasper.ai

    Multi-Factor Authentication

    MFA required for production and administrative access

    jasper.ai

    Single Sign-On (SSO)

    Enabled for enterprise customers

    jasper.ai

    SCIM

    System for Cross-domain Identity Management enabled for automated user provisioning

    jasper.ai

    Audit Logs

    Available for enterprise customers; granular permissions

    jasper.ai

    Centralized Logging

    Centralized logging and monitoring of production systems

    jasper.ai

    Uptime SLA

    Designed for 99.99% uptime

    jasper.ai

    // Products & data scope

    Jasper Platform (Core)AI Marketing Agent Platform

    data: Marketing content, brand guidelines, campaign data, customer audience profiles, product knowledge. Does NOT include customer training data for LLM training.

    Main product offering: agent-based marketing workspace with 100+ specialized agents, content pipelines, brand control (Jasper IQ). Used by enterprise marketing teams (e.g., Adidas, Cushman & Wakefield).

    Jasper IQBrand Intelligence & Governance

    data: Brand voice guidelines, style guides, audience profiles, product knowledge

    Context layer that embeds brand guidelines, tone, and messaging into all outputs across the team.

    GEO AgentAI Search Optimization

    data: Marketing content for AI search optimization

    Newly announced agent for optimizing brand visibility in AI-powered search results.

    Jasper APIs & MCP ServerIntegration & Developer Tools

    data: API access to platform capabilities; MCP server allows brand context to travel into other AI tools

    Enables programmatic access and integration with third-party AI tools while maintaining brand context.

    // What to watch

    • CERT_DISCREPANCY: Third-party security profiles (Nudge Security) claim Jasper holds ISO 27001, HIPAA, FedRamp, and CSA STAR certifications. However, these certifications are NOT explicitly mentioned on any primary jasper.ai domain pages (trust, security, enterprise, ethics, legal). The Nudge profile may be outdated or conflating certifications from different Jasper products.
    • IDENTITY_CLARITY: 'Jasper Health' (separate entity) offers HIPAA-compliant CARE+ product. Main Jasper AI platform (marketing tools) does not claim HIPAA compliance, which is correct for a marketing-focused product.
    • COMPLIANCE_PORTAL_RESTRICTED: Jasper maintains a compliance portal at security.jasper.ai (powered by SafeBase) that may contain additional certification details, but this portal is likely behind authentication and could not be accessed for verification.
    • DATA_TRAINING_CLARITY: Jasper explicitly and consistently states across multiple pages that customer data is NOT used to train LLMs. This is a strong privacy commitment and differentiator.
    • DPA_CONDITIONAL: DPA is available but only applies to customers who have signed it or incorporated it into their contract; not universally applied.

    // At a glance

    Pricing model

    Subscription-based (free tier available, paid plans for Pro and Enterprise)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Jasper AI, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    jasper.ai

    > Browse all vendor trust reports