// Trust & Security Report
Jacquard Group Limited (formerly Phrasee)
Jacquard is an enterprise AI marketing-language platform (formerly branded Phrasee, rebranded June 2024 after merging with Boomtrain) that generates, calibrates, and optimizes on-brand marketing copy for email, SMS, mobile push, in-app, and web push. Core sub-products include the Language² generation engine (brand-compliant copy generation with guardrails), Neural² (proprietary performance-prediction model trained on ~60B first-party messaging data points, not a general-purpose LLM), Audience-Wide Optimization (replacing A/B testing), and Contextual/1:1 Personalization. Sold enterprise-only via demo/sales, no self-serve consumer tier.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on jacquard.com“Security Certification. Jacquard is ISO 27001 certified. Jacquard shall maintain an industry-standard certification or third-party assessment of compliance with the security standards identified in Section 3 of this Addendum ... updated at least annually.”
> Show 7 unconfirmed / not-held certifications
source: jacquard.comNo public evidence. The vendor's own Information Security Addendum lists only ISO 27001 under 'Security Certification' (Section 4); no SOC 2 report, badge, or reference appears on jacquard.com, in the addendum, the DPA, or the privacy policy.
source: jacquard.comNo public evidence. No mention of HIPAA, PHI, or BAAs anywhere on jacquard.com or in the Information Security Addendum / DPA / Privacy Policy. Consistent with an enterprise marketing (non-healthcare) product.
source: jacquard.comNo public evidence. Not referenced on jacquard.com or in the legal/security documents reviewed; Jacquard's product does not process cardholder payment data on behalf of customers.
source: jacquard.comNo public evidence. Only ISO 27001 is cited as a held certification in the Information Security Addendum; ISO 27701 is not mentioned.
source: jacquard.comNo public evidence of ISO 42001 certification anywhere on jacquard.com or in linked legal PDFs, despite Jacquard being an AI-generation product.
source: jacquard.comNo public evidence. Not referenced on jacquard.com or in any reviewed legal/security document.
source: jacquard.comNo public evidence. Not referenced anywhere on jacquard.com; no indication of US federal government authorization.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Primary hosting/servers described as based in Ireland, with Jacquard entities/subsidiaries in the US and UK/Canada; Data Processing Addendum implements Standard Contractual Clauses (GDPR and UK GDPR) for cross-border transfers and maintains a subprocessor list (Annex 2).
Jacquard states on its own product page: 'we never allow LLMs to train on your data and our proprietary language generation isn't LLM-dependent.' Its Neural² model is described as trained on Jacquard's own decade-long, ~60-billion-data-point messaging corpus, not on individual customers' brand/campaign content. The Information Security Addendum separately prohibits Jacquard from using Client Confidential Information 'for any purpose other than to provide the Services' or to 'create any derivative work or product for the benefit of Jacquard or any other party without Client's express, written authorization,' which reinforces the no-training claim contractually. No tier-based exception was found (single enterprise offering, no free/self-serve tier observed).
// Security controls
Breach notification
24 hours to first-detection notice, 48 hours to full written notice of a Data Incident, per the Information Security Addendum.
jacquard.comPenetration testing
Vendor commits to at least annual vulnerability and penetration assessments, with findings and remediation shared with clients on request.
jacquard.comAccess controls
Single sign-on (SSO), role-based permissions, and a built-in approval process for content access within the platform.
jacquard.comCross-border data transfer
Standard Contractual Clauses used for EEA/UK personal data transfers; Information Security Addendum requires client consent before any cross-border transfer of Client Confidential Information.
jacquard.comData retention/deletion
Personal data retained only as long as necessary for stated purposes; upon request or contract termination, client data is returned or securely purged/deleted per agreed schedules.
jacquard.com// Products & data scope
data: Ingests customer brand guidelines, campaign briefs, and first-party customer/product profile data supplied by the client to generate and calibrate on-brand copy; does not use client data to train shared/third-party LLMs.
Single enterprise product family, sold via 'Book a Demo' sales motion. No self-serve or free consumer tier found, so no lighter-weight/consumer data-scope variant to compare against the enterprise tier.
// What to watch
- Vendor rebranded from Phrasee to Jacquard in June 2024 (merger with Boomtrain); the AIFOXX slug 'phrasee' and current vendor identity 'Jacquard' refer to the same legal entity/product line — confirmed via the vendor's own site (jacquard.com) and independent press coverage (BusinessWire, June 2024). List under current brand name 'Jacquard' with a 'formerly Phrasee' note to avoid user confusion.
- No SOC 2 report found despite Jacquard being a mid-size enterprise SaaS vendor serving large brands (Currys, TUI, P&O Cruises) — worth a direct question to the vendor if SOC 2 is a hard requirement for a prospective enterprise buyer, since only ISO 27001 is documented.
- No dedicated trust center page was found; all security/compliance claims are sourced from legal PDFs and product pages rather than a consolidated trust portal.
// At a glance
Pricing model
Enterprise sales-led (demo required); no public self-serve pricing found on jacquard.com.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Jacquard Group Limited (formerly Phrasee)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
jacquard.com