// Trust & Security Report
Lantirn, Inc. (d/b/a Re:amaze, a GoDaddy company)
Re:amaze is a unified customer service / helpdesk / live-chat platform for eCommerce and online businesses (email, chat, social, SMS, VoIP), with an AI Agent (Beta), AI-assisted article/reply drafting (Cues, Peek co-browse), and embeddable Help Center. Acquired by GoDaddy in 2021; runs as a standalone product line without its own trust center, operating instead under GoDaddy's shared privacy/legal framework.
Certifications held
1
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on reamaze.com“"Our Controller to Processor Data Processing Amendment (“DPA”), which is hereby incorporated by reference, is meant to provide you contractual assurance that we have robust mechanisms to ensure the processing of Customer Data, including transfers of Customer Data from the European Economic Area to a third country, meets with compliance under applicable data privacy laws... you (and your applicable affiliates) are considered the Data Controller/Data Exporter... acceptance of the Terms of Service... will also be treated as your acknowledgement and acceptance of the Controller to Processor DPA and its appendices (including the Standard Contractual Clauses)."”
> Show 8 unconfirmed / not-held certifications
source: reamaze.comNo SOC 2 report, badge, or mention exists on reamaze.com, support.reamaze.com, or in the Terms of Service/Privacy Policy. Direct probes of reamaze.com/security, /trust, /trust-center, and /compliance all resolve to the marketing homepage (no dedicated page exists). Parent company GoDaddy states elsewhere: "GoDaddy is not currently audited for SOC or SSAE 18 compliance" (godaddy.com/help/godaddy-soc-or-ssae-18-compliance-6097), so no SOC 2 coverage can be inherited from the parent either.
source: reamaze.comNo ISO 27001 certificate is referenced anywhere on reamaze.com or support.reamaze.com. Parent GoDaddy holds ISO 27001:2013 only for its "domain registrar and registry service" (per GoDaddy community/help sources), a scope that explicitly does not cover the Re:amaze/Lantirn product. No public evidence Re:amaze/Lantirn itself is certified.
source: reamaze.comNo public evidence. No mention of HIPAA, a Business Associate Agreement (BAA), or PHI handling anywhere on reamaze.com, support.reamaze.com, or in the Terms of Service. Product is marketed to eCommerce/SaaS support use cases, not healthcare, so this is likely simply out of scope rather than an omission.
source: reamaze.comNo public evidence of a PCI DSS attestation for Re:amaze/Lantirn itself. Re:amaze integrates with payment processors (e.g., Stripe) but does not claim its own PCI certification anywhere in captured pages.
source: reamaze.comNo public evidence found on any reamaze.com or support.reamaze.com page.
source: reamaze.comNo public evidence of an AI-management-system certification. AI features (AI Agent Beta, Cues, article generation) are instead governed contractually by GoDaddy's AI Terms of Use, not by an ISO 42001 or CSA STAR AI attestation.
source: reamaze.comNo public evidence found on reamaze.com or support.reamaze.com, and no CSA STAR registry entry surfaced in vendor-domain search results.
source: reamaze.comNo public evidence; Re:amaze is not marketed to US federal government customers.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
Not publicly documented for Re:amaze/Lantirn specifically. GoDaddy's Global Privacy Notice provides regional supplements/contacts for the US, UK, EU/EEA/Switzerland, and Asia (privacy@godaddy.com; offices in Tempe AZ, London, Cologne, Singapore), but no dedicated data-residency or server-location statement for the Re:amaze product was found.
Re:amaze's Terms of Service state: "If you use AI features, capabilities, tools, or bots through our Site or Applications, you agree that the GoDaddy AI Terms of Use govern such use and are incorporated as part of these Terms" (reamaze.com/tos). No customer-facing opt-out from this training use was found for the Re:amaze AI Agent specifically.
// Security controls
Encryption in transit / at rest
No dedicated security page exists on reamaze.com. A support-KB FAQ (not independently re-fetchable with full confidence) references "generally accepted standards to store and protect personal information, both during transmission and once received and stored, including utilization of encryption where appropriate" but gives no specifics (algorithm, at-rest coverage). Treat as an unverified, low-detail claim.
support.reamaze.comTwo-factor authentication
Re:amaze's first-party support KB documents an enhanced account authentication system that requires re-authentication for sensitive changes (password or email updates); two-factor authentication is available as an account-level setting. Note: the detailed SMS-based 2FA walkthrough at clienthub.reamaze.com was NOT used as evidence here, because that subdomain is a third-party customer's ("Client Hub") white-label help site, not Re:amaze's own KB.
support.reamaze.comData Processing Amendment / SCCs
Standard Contractual Clauses are attached to Re:amaze's Controller-to-Processor DPA for EEA data transfers; incorporated by reference into the Terms of Service and available on request via privacy@reamaze.com.
reamaze.comDedicated trust/security page
None. reamaze.com/security, /trust, /trust-center, and /compliance all resolve to the generic marketing homepage rather than a security-specific page, confirming no public trust center exists.
reamaze.com// Products & data scope
data: Customer support conversations, contact profiles, browsing/shopping behavior data collected via embedded widget (Reamaze.js) and connected email/social/SMS channels.
Primary product; sold on paid subscription tiers. No tier-specific security differentiation (e.g., enterprise-only SSO/audit-log/BAA options) was found publicly documented.
data: Ingests business/knowledge-base content and live customer conversation data to generate autonomous replies.
Governed by GoDaddy's AI Terms of Use, which permit use of customer Input to train/improve ML models. No opt-out surfaced. Still labeled "Beta" as of the captured homepage copy.
data: Third-party developers can pull custom profile/app data into the Re:amaze dashboard via SDK and JSON API.
No separate security documentation found for the SDK/API surface beyond the general ToS and DPA.
// What to watch
- Identity-conflation risk found and excluded: a "SOC 2 compliance information" FAQ exists at clienthub.reamaze.com, but that subdomain belongs to a third-party customer ("Client Hub") that merely uses Re:amaze's white-label help-center platform to host its own support site. That page discusses Client Hub's own infrastructure (AWS/GCP), not Re:amaze's, and must never be cited as Re:amaze/Lantirn's own SOC 2 evidence.
- Parent-vs-vendor cert scope: GoDaddy (parent) publicly states it is "not currently audited for SOC or SSAE 18 compliance," and its ISO 27001:2013 certification is scoped to its domain registrar/registry service only, not to Re:amaze/Lantirn. Neither cert transfers to this product.
- Privacy Policy is entirely a pass-through to GoDaddy's corporate Global Privacy Notice rather than a Re:amaze-specific policy.
- No HIPAA or PCI DSS claims found; reasonable given the eCommerce/SaaS support focus, but means Re:amaze should not be listed as HIPAA-ready or used for PHI without direct vendor confirmation.
// At a glance
Pricing model
Subscription (per-agent paid plans) with a 14-day free trial; no credit card required to start.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Lantirn, Inc. (d/b/a Re:amaze, a GoDaddy company)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
reamaze.com