// Trust & Security Report
Reclaim.ai Inc.
AI calendar/scheduling assistant for work and life; single product surface (web app + browser extension + Google/Outlook calendar sync) with tiered plans (Lite/free, Starter, Business, Enterprise) rather than distinct sub-products. Enterprise tier adds SSO/SCIM and org-wide analytics.
Certifications held
4
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.reclaim.ai“We have completed our first SOC2 Type II audit with A-Lign. ... Reclaim is SOC2 Type II certified as of September 2023, and was renewed in 2024.”
Verify on reclaim.ai“Reclaim is committed to complying with the General Data Protection Regulation (GDPR)... Data Processing Addendum incorporated into business terms; EU-US Data Privacy Framework re-certification completed.”
Verify on trust.reclaim.ai“We have completed our re-certification under the Data Privacy Framework.”
Verify on reclaim.ai“Reclaim is committed to complying with the ... California Consumer Privacy Act (CCPA).”
> Show 6 unconfirmed / not-held certifications
source: reclaim.aiNo HIPAA or ISO 27001 certifications are mentioned on this trust center page. Reclaim's own security page references ISO 27001 only in the context of AWS's data-center compliance standards (the cloud host's certification, not Reclaim's own).
source: trust.reclaim.aiNo public evidence on Reclaim's own trust center, security page, or help center of a HIPAA compliance program or BAA offering. A third-party aggregator search result claimed 'HIPAA compliant' but this is not corroborated on any reclaim.ai-owned page and is treated as unverified marketing noise, not vendor evidence.
source: reclaim.aiNot listed on the trust center or security page; billing is handled via Stripe (a PCI DSS Level 1 subprocessor), so Reclaim itself does not directly handle card data. No public evidence of a Reclaim-held PCI DSS certification.
source: trust.reclaim.aiNo public evidence on any reclaim.ai-owned page. Not a government-focused product; not listed on trust center.
source: trust.reclaim.aiNo public evidence on any reclaim.ai-owned page. Not listed on trust center.
source: reclaim.aiNo public evidence of an AI governance certification. Reclaim addresses AI-data-use posture only via a contractual privacy-policy commitment, not a certified AI management system.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
United States (AWS us-east-1 / us-east-2 with redundancy; GCP and Microsoft also listed as US-region subprocessors)
Privacy policy states: 'We will not use and will not authorize any of our third-party service providers to use your Personal Data (including your Calendar Data or App Data) to train any large language or other generative AI models unless we have separately and explicitly obtained your prior consent or you have expressly opted into our use of your Personal Data for such purposes through the Services.' The subprocessors page lists OpenAI as an AI subprocessor 'by opt-in only' for AI-enabled features (LLMs and embeddings), consistent with the opt-in framing. No tier-based difference in this policy was found (applies across plans); no legacy-ToS contradiction found (ToS itself is silent on AI training and defers to the privacy policy).
// Security controls
Encryption in transit
HTTPS and TLS forced with modern ciphers on all network transactions
reclaim.aiHosting infrastructure
Amazon Web Services (US) with redundancy across us-east-1 and us-east-2; secondary use of Google Cloud Platform for API access management
reclaim.aiSSO & SCIM
Authenticate with your IdP for SSO & provision users via SCIM (Enterprise tier)
reclaim.aiExternal security ratings
SecurityScorecard Grade A; Qualys SSL Labs (app.reclaim.ai) A+; Security Headers (app.reclaim.ai) A
trust.reclaim.aiOperational security controls
Trust center documents encryption-at-rest, data backups, audit logging, access control, incident response, and vulnerability/patch management practices
trust.reclaim.ai// Products & data scope
data: Google/Outlook calendar data, task-list integrations (Asana, ClickUp, Jira, Linear), Slack status sync
Core product; same privacy/security posture applies across paid tiers. No SSO/SCIM below Enterprise.
data: Same calendar/task data plus org-wide analytics, SSO/SCIM identity data, company-wide 'Initiatives' and dashboards
Adds enterprise identity/access management (SSO, SCIM) and admin-level usage analytics not present in individual/team tiers.
// What to watch
- A third-party aggregator search result claimed Reclaim is 'HIPAA compliant, PCI compliant, ISO 27001 compliant, FedRAMP compliant, and CSA Star Level 1 compliant' -- none of this is corroborated on any reclaim.ai-owned page (the trust center explicitly does not list HIPAA or ISO 27001). Treated as an unverifiable over-claim and excluded from held=true grading; flagging so AIFOXX does not inherit this over-claim from secondary sources.
- reclaim.ai/security references ISO 27001 only as an AWS data-center compliance standard -- this is the cloud host's certification, not Reclaim's own, and was graded held=false for Reclaim accordingly to avoid host/vendor conflation.
- AI training posture is opt-in and consent-gated per the current privacy policy and subprocessors page (OpenAI used 'by opt-in only'); no legacy-ToS contradiction found, but this should be periodically re-verified since AI feature terms evolve quickly.
// At a glance
Pricing model
Freemium/subscription tiers (Lite/free, Starter, Business, Enterprise; per-seat pricing)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Reclaim.ai Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.reclaim.ai