// Trust & Security Report
Jenni AI, Inc.
Jenni AI — an AI-powered academic writing and research workspace. Users can import papers, write with AI-assisted autocomplete grounded in user's own sources, generate citations in 10,000+ styles, conduct literature reviews, access 248M+ academic papers, and collaborate in real-time. Used by 6M+ academics and researchers globally.
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 7 unconfirmed / not-held certifications
source: jenni.aiJenni acknowledges GDPR but does not claim formal GDPR compliance certification. Privacy policy references EU user rights (14-day refund) but no 'GDPR compliant' badge or audit report.
source: jenni.aiThe Services are not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.)
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
United States (explicit). Terms of Service state 'The Services are hosted in the United States...you expressly consent to have your data transferred to and processed in the United States.' Firebase/Google (US) used for auth and library storage. No EU/regional data residency option documented.
Jenni AI documentation states: 'Your drafts, prompts, and outputs are not used to train Jenni models or upstream provider models.' It further states 'Jenni's upstream providers are contractually prohibited from training on Jenni user data.' User drafts, prompts, and outputs are not used for model training, and only the minimum context needed for a requested action is sent to upstream AI providers.
// Security controls
Encryption in transit
SSL/TLS encryption implied; policy states 'no method of transmission over the Internet is 100% secure'
jenni.aiAuthentication
Firebase-based authentication (email/password); mentions OAuth support (Google, Microsoft implied from feature descriptions)
jenni.aiData storage
Jenni servers (bibliographic metadata, PDFs, page content); Firebase/Google (user authentication, Firestore, Cloud Storage); PostHog (analytics only)
jenni.aiThird-party audit
No SOC 2, ISO 27001, or other formal third-party audit reports found or referenced
jenni.aiVendor risk
Depends on Google/Firebase security posture; Jenni does not hold independent certifications to backstop this
jenni.ai// Products & data scope
data: User-uploaded PDFs, writing drafts, prompts, outputs, cited sources, library collections
Primary product; free and paid tiers; supports batch imports from Zotero/Mendeley; integrates with 200M+ academic database (Semantic Scholar, PubMed, arXiv, CrossRef)
data: Limited local state (auth tokens, import history capped at 50 URLs, auto-cleared after 7 days); no persistent browsing history
Companion extension for quick access; minimal data footprint
// What to watch
- OVER-CLAIM: Nudge Security reports Jenni AI holds SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, FedRAMP, CSA STAR Level 1 certifications. However, Jenni AI's own privacy policy and terms of service (https://jenni.ai/privacy-policy, https://jenni.ai/terms) make ZERO mention of these certifications. Terms explicitly disclaim HIPAA compliance: 'The Services are not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.).' Third-party claims are not substantiated by vendor documentation.
- MISSING TRUST CENTER: Jenni AI has no dedicated security, trust center, or compliance page. Security/compliance info is scattered across privacy policy, terms, and help articles.
- NO PUBLIC DPA: No Data Processing Agreement document publicly available; contact required for DPA or formal GDPR representation agreement.
- DATA RESIDENCY: US-only. Terms of Service explicitly state the Services are hosted in the United States and data is transferred to and processed in the US; heavy reliance on Google/Firebase (US-based). No EU/regional data residency option is offered.
- DEPENDENT ON THIRD-PARTY SECURITY: Data stored partially on Firebase/Google; Jenni's own security posture not independently audited. No vendor-domain certifications mean customers must rely on Google's SOC 2 Type II, not Jenni's own assurance.
- POSITIVE: Strong data-handling transparency — explicit no-training-on-user-data commitment with contractual upstream provider obligations.
- POSITIVE: Large user base (6M+) and published research provide some market validation.
// At a glance
Pricing model
Freemium + paid tiers (Standard, Premium, Professional); no public per-seat or enterprise pricing listed
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Jenni AI, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
jenni.ai