// Trust & Security Report

    Reclaim.ai Inc. logo

    Reclaim.ai Inc.

    AI calendar/scheduling assistant for work and life; single product surface (web app + browser extension + Google/Outlook calendar sync) with tiered plans (Lite/free, Starter, Business, Enterprise) rather than distinct sub-products. Enterprise tier adds SSO/SCIM and org-wide analytics.

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    We have completed our first SOC2 Type II audit with A-Lign. ... Reclaim is SOC2 Type II certified as of September 2023, and was renewed in 2024.

    Verify on trust.reclaim.ai
    GDPR (posture/compliance program)
    HELD

    Reclaim is committed to complying with the General Data Protection Regulation (GDPR)... Data Processing Addendum incorporated into business terms; EU-US Data Privacy Framework re-certification completed.

    Verify on reclaim.ai
    EU-US Data Privacy Framework (DPF)
    HELD

    We have completed our re-certification under the Data Privacy Framework.

    Verify on trust.reclaim.ai
    CCPA compliance
    HELD

    Reclaim is committed to complying with the ... California Consumer Privacy Act (CCPA).

    Verify on reclaim.ai
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No HIPAA or ISO 27001 certifications are mentioned on this trust center page. Reclaim's own security page references ISO 27001 only in the context of AWS's data-center compliance standards (the cloud host's certification, not Reclaim's own).

    source: reclaim.ai
    HIPAA
    NOT CONFIRMED

    No public evidence on Reclaim's own trust center, security page, or help center of a HIPAA compliance program or BAA offering. A third-party aggregator search result claimed 'HIPAA compliant' but this is not corroborated on any reclaim.ai-owned page and is treated as unverified marketing noise, not vendor evidence.

    source: trust.reclaim.ai
    PCI DSS
    NOT CONFIRMED

    Not listed on the trust center or security page; billing is handled via Stripe (a PCI DSS Level 1 subprocessor), so Reclaim itself does not directly handle card data. No public evidence of a Reclaim-held PCI DSS certification.

    source: reclaim.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence on any reclaim.ai-owned page. Not a government-focused product; not listed on trust center.

    source: trust.reclaim.ai
    CSA STAR
    NOT CONFIRMED

    No public evidence on any reclaim.ai-owned page. Not listed on trust center.

    source: trust.reclaim.ai
    ISO/IEC 42001 (AI management systems)
    NOT CONFIRMED

    No public evidence of an AI governance certification. Reclaim addresses AI-data-use posture only via a contractual privacy-policy commitment, not a certified AI management system.

    source: reclaim.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    United States (AWS us-east-1 / us-east-2 with redundancy; GCP and Microsoft also listed as US-region subprocessors)

    Privacy policy states: 'We will not use and will not authorize any of our third-party service providers to use your Personal Data (including your Calendar Data or App Data) to train any large language or other generative AI models unless we have separately and explicitly obtained your prior consent or you have expressly opted into our use of your Personal Data for such purposes through the Services.' The subprocessors page lists OpenAI as an AI subprocessor 'by opt-in only' for AI-enabled features (LLMs and embeddings), consistent with the opt-in framing. No tier-based difference in this policy was found (applies across plans); no legacy-ToS contradiction found (ToS itself is silent on AI training and defers to the privacy policy).

    // Security controls

    Encryption in transit

    HTTPS and TLS forced with modern ciphers on all network transactions

    reclaim.ai

    Encryption at rest

    Databases and storage encrypted at rest via AES-256

    reclaim.ai

    Hosting infrastructure

    Amazon Web Services (US) with redundancy across us-east-1 and us-east-2; secondary use of Google Cloud Platform for API access management

    reclaim.ai

    SSO & SCIM

    Authenticate with your IdP for SSO & provision users via SCIM (Enterprise tier)

    reclaim.ai

    Uptime SLA

    99.9% uptime, advertised high availability & disaster recovery

    reclaim.ai

    External security ratings

    SecurityScorecard Grade A; Qualys SSL Labs (app.reclaim.ai) A+; Security Headers (app.reclaim.ai) A

    trust.reclaim.ai

    Operational security controls

    Trust center documents encryption-at-rest, data backups, audit logging, access control, incident response, and vulnerability/patch management practices

    trust.reclaim.ai

    // Products & data scope

    Reclaim.ai (Individual/Team plans: Lite, Starter, Business)AI calendar & scheduling assistant

    data: Google/Outlook calendar data, task-list integrations (Asana, ClickUp, Jira, Linear), Slack status sync

    Core product; same privacy/security posture applies across paid tiers. No SSO/SCIM below Enterprise.

    Reclaim.ai EnterpriseAI calendar & scheduling assistant, org-wide

    data: Same calendar/task data plus org-wide analytics, SSO/SCIM identity data, company-wide 'Initiatives' and dashboards

    Adds enterprise identity/access management (SSO, SCIM) and admin-level usage analytics not present in individual/team tiers.

    // What to watch

    • A third-party aggregator search result claimed Reclaim is 'HIPAA compliant, PCI compliant, ISO 27001 compliant, FedRAMP compliant, and CSA Star Level 1 compliant' -- none of this is corroborated on any reclaim.ai-owned page (the trust center explicitly does not list HIPAA or ISO 27001). Treated as an unverifiable over-claim and excluded from held=true grading; flagging so AIFOXX does not inherit this over-claim from secondary sources.
    • reclaim.ai/security references ISO 27001 only as an AWS data-center compliance standard -- this is the cloud host's certification, not Reclaim's own, and was graded held=false for Reclaim accordingly to avoid host/vendor conflation.
    • AI training posture is opt-in and consent-gated per the current privacy policy and subprocessors page (OpenAI used 'by opt-in only'); no legacy-ToS contradiction found, but this should be periodically re-verified since AI feature terms evolve quickly.

    // At a glance

    Pricing model

    Freemium/subscription tiers (Lite/free, Starter, Business, Enterprise; per-seat pricing)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Reclaim.ai Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.reclaim.ai

    > Browse all vendor trust reports