// Trust & Security Report

    Jungle Scout LLC logo

    Jungle Scout LLC

    Amazon intelligence and seller tools (Catalyst for SMBs, Cobalt for enterprise, Cloud for data API, MCP for AI integration, AI Assist for AI-powered features)

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 9 unconfirmed / not-held certifications
    SOC 2 Type 1
    NOT CONFIRMED

    No public evidence or mention on vendor domain

    source: junglescout.com
    SOC 2 Type 2
    NOT CONFIRMED

    No public evidence or mention on vendor domain

    source: junglescout.com
    ISO 27001
    NOT CONFIRMED

    No public evidence or mention on vendor domain

    source: junglescout.com
    ISO 27017
    NOT CONFIRMED

    No public evidence or mention on vendor domain

    source: junglescout.com
    ISO 27018
    NOT CONFIRMED

    No public evidence or mention on vendor domain

    source: junglescout.com
    GDPR (posture/compliance)
    NOT CONFIRMED

    Privacy policy acknowledges GDPR rights for EU users but makes no compliance certification claim. Policy states: 'The Personal Data that you provide to us is generally stored on servers located in the United States' - U.S. only storage may not satisfy GDPR requirements for some use cases.

    source: junglescout.com
    HIPAA
    NOT CONFIRMED

    No mention. Jungle Scout is an Amazon seller/marketplace intelligence tool, not a healthcare product. HIPAA does not apply.

    source: junglescout.com
    PCI DSS
    NOT CONFIRMED

    No public evidence or mention on vendor domain. Jungle Scout does not handle payment card data directly.

    source: junglescout.com
    Amazon Audit Attestation
    NOT CONFIRMED

    Privacy Center states 'Amazon has audited and approved our protection processes.' This is a vendor audit, not a third-party certification. No SOC 2 or equivalent attestation produced.

    source: junglescout.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United States only

    Jungle Scout's own documentation does not disclose whether customer data is used to train its AI models. The AI Assist help center describes AI Assist Chat as drawing on Jungle Scout's knowledge base (Help Center articles, blog posts, and select YouTube transcripts) rather than training on customer data, and notes the feature is in early beta and may produce inaccurate results. The privacy policy and the AI Assist product page contain no statement that customer data is used to train the AI, and no training opt-out is documented. A claim that the AI is 'trained on large volumes of customers and Jungle Scout proprietary data' appeared only on a third-party affiliate blog, not on the vendor's own domain, so it is not treated as a vendor statement. No Data Processing Agreement found.

    // Security controls

    Encryption in transit

    No specific encryption standard (for example AES-256 or an OpenSSL implementation) is documented on Jungle Scout's public privacy pages. The Privacy Center describes general safeguards but does not specify encryption protocols for data in transit or for credentials.

    junglescout.com

    Encryption at rest

    Not explicitly documented

    junglescout.com

    Server infrastructure

    Privacy Center states 'We employ thousands of secure servers to safeguard your data.' No further infrastructure detail (firewalling, DDoS protection, or CDN provider) is documented on the vendor's public pages.

    junglescout.com

    Staff access controls

    Per the Privacy Center, customer service representatives may access customer accounts to respond to inquiries. No public documentation of staff multi-factor authentication or other internal access controls was found on the vendor domain.

    junglescout.com

    Fraud detection

    Uses own methods and third-party tools to detect fraudulent behavior

    junglescout.com

    Data retention after termination

    MSA states: 'Jungle Scout has no obligation to retain Submitted Data beyond ninety (90) days after the expiration or termination of Services.'

    junglescout.com

    Incident response

    Not documented. No public incident response policy or SLA commitments found.

    junglescout.com

    // Products & data scope

    Jungle Scout CatalystAmazon seller tools / SMB SaaS

    data: Amazon marketplace data, seller performance metrics, keyword research, product analysis

    All-in-one toolkit for Amazon sellers. Uses AI Assist for recommendations and analysis. Data stored in U.S.

    Jungle Scout CobaltAmazon intelligence / Enterprise SaaS

    data: Amazon category benchmarking, competitor analysis, pricing trends, brand performance, sales estimates

    Enterprise platform for brands and agencies. Amazon-audited. Serves large brands with pricing/benchmarking/reseller control features.

    Jungle Scout CloudData API / Analytics

    data: Direct API access to Amazon datasets for BI/analytics teams. Market share, velocity, pricing, sales data.

    Allows organizations to integrate Amazon data into internal systems. Uses Model Context Protocol (MCP) for AI integration.

    Jungle Scout MCPAI integration / Model Context Protocol

    data: Structured access to Jungle Scout Amazon data from AI platforms

    New feature enabling plain-English queries to AI systems backed by Jungle Scout data. No explicit data security/training disclosures on product page.

    AI Assist (feature across products)AI-powered analysis

    data: Customer account data, Amazon seller data, product reviews, listings

    Available in Catalyst and Cobalt. Trains on customer and Jungle Scout proprietary data. No clear data residency guarantees for AI processing.

    // What to watch

    • No formal security certifications (SOC 2, ISO 27001) despite serving enterprise customers and handling seller/brand data
    • No Data Processing Agreement (DPA) documented - may not satisfy GDPR requirements for EU customers
    • U.S. data residency only - does not offer EU data residency or address GDPR concerns for EU users
    • Whether AI Assist trains on customer data is not disclosed on the vendor domain; the AI Assist help center indicates the chat draws on Jungle Scout's knowledge base (help articles, blog, YouTube transcripts) rather than training on customer data. A 'trains on customer data' claim traces only to a third-party affiliate blog, not the vendor.
    • No specific encryption standard (AES-256, TLS version) or staff MFA is documented on the vendor's public privacy pages; only 'Amazon has audited and approved our protection processes' and 'thousands of secure servers' are stated verbatim.
    • MSA explicitly disclaims security liability: 'Jungle Scout is not liable for any loss or damage from Customer's failure to comply with security obligations' and services provided 'AS IS' with no warranties
    • No incident response SLA or public incident response policy documented
    • Amazon audit mentioned but no third-party security audit report or certification produced
    • Thin public security documentation for a company handling brand/seller financial data and intelligence
    • No mention of encryption at rest for stored customer data
    • No formal enterprise SLA commitments in MSA (no uptime guarantee, no incident response procedures)

    // At a glance

    Pricing model

    Freemium (free browser extension) + SaaS subscription tiers (Growth Accelerator, Brand Owner, Enterprise/Cobalt pricing on request)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Jungle Scout LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    junglescout.com

    > Browse all vendor trust reports