// Trust & Security Report

    Jenni AI, Inc. logo

    Jenni AI, Inc.

    Jenni AI — an AI-powered academic writing and research workspace. Users can import papers, write with AI-assisted autocomplete grounded in user's own sources, generate citations in 10,000+ styles, conduct literature reviews, access 248M+ academic papers, and collaborate in real-time. Used by 6M+ academics and researchers globally.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type I or II)
    NOT CONFIRMED

    no public evidence

    source: jenni.ai
    ISO 27001
    NOT CONFIRMED

    no public evidence

    source: jenni.ai
    GDPR
    NOT CONFIRMED

    Jenni acknowledges GDPR but does not claim formal GDPR compliance certification. Privacy policy references EU user rights (14-day refund) but no 'GDPR compliant' badge or audit report.

    source: jenni.ai
    HIPAA
    NOT CONFIRMED

    The Services are not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.)

    source: jenni.ai
    PCI DSS
    NOT CONFIRMED

    no public evidence

    source: jenni.ai
    FedRAMP
    NOT CONFIRMED

    no public evidence

    source: jenni.ai
    CSA STAR
    NOT CONFIRMED

    no public evidence

    source: jenni.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    United States (explicit). Terms of Service state 'The Services are hosted in the United States...you expressly consent to have your data transferred to and processed in the United States.' Firebase/Google (US) used for auth and library storage. No EU/regional data residency option documented.

    Jenni AI documentation states: 'Your drafts, prompts, and outputs are not used to train Jenni models or upstream provider models.' It further states 'Jenni's upstream providers are contractually prohibited from training on Jenni user data.' User drafts, prompts, and outputs are not used for model training, and only the minimum context needed for a requested action is sent to upstream AI providers.

    // Security controls

    Encryption in transit

    SSL/TLS encryption implied; policy states 'no method of transmission over the Internet is 100% secure'

    jenni.ai

    Authentication

    Firebase-based authentication (email/password); mentions OAuth support (Google, Microsoft implied from feature descriptions)

    jenni.ai

    Data storage

    Jenni servers (bibliographic metadata, PDFs, page content); Firebase/Google (user authentication, Firestore, Cloud Storage); PostHog (analytics only)

    jenni.ai

    Third-party audit

    No SOC 2, ISO 27001, or other formal third-party audit reports found or referenced

    jenni.ai

    Vendor risk

    Depends on Google/Firebase security posture; Jenni does not hold independent certifications to backstop this

    jenni.ai

    // Products & data scope

    Jenni AI (Core)AI Academic Writing & Research

    data: User-uploaded PDFs, writing drafts, prompts, outputs, cited sources, library collections

    Primary product; free and paid tiers; supports batch imports from Zotero/Mendeley; integrates with 200M+ academic database (Semantic Scholar, PubMed, arXiv, CrossRef)

    Jenni Browser ExtensionBrowser Add-on

    data: Limited local state (auth tokens, import history capped at 50 URLs, auto-cleared after 7 days); no persistent browsing history

    Companion extension for quick access; minimal data footprint

    // What to watch

    • OVER-CLAIM: Nudge Security reports Jenni AI holds SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, FedRAMP, CSA STAR Level 1 certifications. However, Jenni AI's own privacy policy and terms of service (https://jenni.ai/privacy-policy, https://jenni.ai/terms) make ZERO mention of these certifications. Terms explicitly disclaim HIPAA compliance: 'The Services are not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.).' Third-party claims are not substantiated by vendor documentation.
    • MISSING TRUST CENTER: Jenni AI has no dedicated security, trust center, or compliance page. Security/compliance info is scattered across privacy policy, terms, and help articles.
    • NO PUBLIC DPA: No Data Processing Agreement document publicly available; contact required for DPA or formal GDPR representation agreement.
    • DATA RESIDENCY: US-only. Terms of Service explicitly state the Services are hosted in the United States and data is transferred to and processed in the US; heavy reliance on Google/Firebase (US-based). No EU/regional data residency option is offered.
    • DEPENDENT ON THIRD-PARTY SECURITY: Data stored partially on Firebase/Google; Jenni's own security posture not independently audited. No vendor-domain certifications mean customers must rely on Google's SOC 2 Type II, not Jenni's own assurance.
    • POSITIVE: Strong data-handling transparency — explicit no-training-on-user-data commitment with contractual upstream provider obligations.
    • POSITIVE: Large user base (6M+) and published research provide some market validation.

    // At a glance

    Pricing model

    Freemium + paid tiers (Standard, Premium, Professional); no public per-seat or enterprise pricing listed

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Jenni AI, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    jenni.ai

    > Browse all vendor trust reports