// Trust & Security Report

    Jacquard Group Limited (formerly Phrasee) logo

    Jacquard Group Limited (formerly Phrasee)

    Jacquard is an enterprise AI marketing-language platform (formerly branded Phrasee, rebranded June 2024 after merging with Boomtrain) that generates, calibrates, and optimizes on-brand marketing copy for email, SMS, mobile push, in-app, and web push. Core sub-products include the Language² generation engine (brand-compliant copy generation with guardrails), Neural² (proprietary performance-prediction model trained on ~60B first-party messaging data points, not a general-purpose LLM), Audience-Wide Optimization (replacing A/B testing), and Contextual/1:1 Personalization. Sold enterprise-only via demo/sales, no self-serve consumer tier.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001
    HELD

    Security Certification. Jacquard is ISO 27001 certified. Jacquard shall maintain an industry-standard certification or third-party assessment of compliance with the security standards identified in Section 3 of this Addendum ... updated at least annually.

    Verify on jacquard.com
    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. The vendor's own Information Security Addendum lists only ISO 27001 under 'Security Certification' (Section 4); no SOC 2 report, badge, or reference appears on jacquard.com, in the addendum, the DPA, or the privacy policy.

    source: jacquard.com
    HIPAA
    NOT CONFIRMED

    No public evidence. No mention of HIPAA, PHI, or BAAs anywhere on jacquard.com or in the Information Security Addendum / DPA / Privacy Policy. Consistent with an enterprise marketing (non-healthcare) product.

    source: jacquard.com
    PCI DSS
    NOT CONFIRMED

    No public evidence. Not referenced on jacquard.com or in the legal/security documents reviewed; Jacquard's product does not process cardholder payment data on behalf of customers.

    source: jacquard.com
    ISO 27701 (Privacy)
    NOT CONFIRMED

    No public evidence. Only ISO 27001 is cited as a held certification in the Information Security Addendum; ISO 27701 is not mentioned.

    source: jacquard.com
    ISO/IEC 42001 (AI management systems)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification anywhere on jacquard.com or in linked legal PDFs, despite Jacquard being an AI-generation product.

    source: jacquard.com
    CSA STAR
    NOT CONFIRMED

    No public evidence. Not referenced on jacquard.com or in any reviewed legal/security document.

    source: jacquard.com
    FedRAMP
    NOT CONFIRMED

    No public evidence. Not referenced anywhere on jacquard.com; no indication of US federal government authorization.

    source: jacquard.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Primary hosting/servers described as based in Ireland, with Jacquard entities/subsidiaries in the US and UK/Canada; Data Processing Addendum implements Standard Contractual Clauses (GDPR and UK GDPR) for cross-border transfers and maintains a subprocessor list (Annex 2).

    Jacquard states on its own product page: 'we never allow LLMs to train on your data and our proprietary language generation isn't LLM-dependent.' Its Neural² model is described as trained on Jacquard's own decade-long, ~60-billion-data-point messaging corpus, not on individual customers' brand/campaign content. The Information Security Addendum separately prohibits Jacquard from using Client Confidential Information 'for any purpose other than to provide the Services' or to 'create any derivative work or product for the benefit of Jacquard or any other party without Client's express, written authorization,' which reinforces the no-training claim contractually. No tier-based exception was found (single enterprise offering, no free/self-serve tier observed).

    // Security controls

    Breach notification

    24 hours to first-detection notice, 48 hours to full written notice of a Data Incident, per the Information Security Addendum.

    jacquard.com

    Penetration testing

    Vendor commits to at least annual vulnerability and penetration assessments, with findings and remediation shared with clients on request.

    jacquard.com

    Access controls

    Single sign-on (SSO), role-based permissions, and a built-in approval process for content access within the platform.

    jacquard.com

    Uptime commitment

    99.9% uptime guarantee stated on the core platform product page.

    jacquard.com

    Cross-border data transfer

    Standard Contractual Clauses used for EEA/UK personal data transfers; Information Security Addendum requires client consent before any cross-border transfer of Client Confidential Information.

    jacquard.com

    Data retention/deletion

    Personal data retained only as long as necessary for stated purposes; upon request or contract termination, client data is returned or securely purged/deleted per agreed schedules.

    jacquard.com

    // Products & data scope

    Jacquard Platform (Language² + Neural²)AI marketing content generation & optimization (enterprise)

    data: Ingests customer brand guidelines, campaign briefs, and first-party customer/product profile data supplied by the client to generate and calibrate on-brand copy; does not use client data to train shared/third-party LLMs.

    Single enterprise product family, sold via 'Book a Demo' sales motion. No self-serve or free consumer tier found, so no lighter-weight/consumer data-scope variant to compare against the enterprise tier.

    // What to watch

    • Vendor rebranded from Phrasee to Jacquard in June 2024 (merger with Boomtrain); the AIFOXX slug 'phrasee' and current vendor identity 'Jacquard' refer to the same legal entity/product line — confirmed via the vendor's own site (jacquard.com) and independent press coverage (BusinessWire, June 2024). List under current brand name 'Jacquard' with a 'formerly Phrasee' note to avoid user confusion.
    • No SOC 2 report found despite Jacquard being a mid-size enterprise SaaS vendor serving large brands (Currys, TUI, P&O Cruises) — worth a direct question to the vendor if SOC 2 is a hard requirement for a prospective enterprise buyer, since only ISO 27001 is documented.
    • No dedicated trust center page was found; all security/compliance claims are sourced from legal PDFs and product pages rather than a consolidated trust portal.

    // At a glance

    Pricing model

    Enterprise sales-led (demo required); no public self-serve pricing found on jacquard.com.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Jacquard Group Limited (formerly Phrasee)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    jacquard.com

    > Browse all vendor trust reports