// Trust & Security Report
AI Creativity S.r.l. (a Bending Spoons company)
Remini is a consumer AI photo/video enhancement app (unblur, denoise, face enhance, old-photo restoration, up to 2x upscaling) plus an "AI Photos" generative avatar feature and a video enhancer, available via web (app.remini.ai), iOS, and Android. Operated by AI Creativity S.r.l. (Milan, Italy), wholly owned and managed/coordinated by Bending Spoons S.p.A., which also handles privacy/legal/compliance centrally for the app portfolio. No distinct team/enterprise/API tier was found publicly.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on app.remini.ai“"The Data Controller is Bending Spoons S.p.A., based in Via Nino Bonnet 10, 20154 Milan, Italy" with a named Data Protection Officer and data-subject rights described under "Regulation (EU) 2016/679"; international transfers rely on "the standard contractual clauses developed by the European Commission."”
> Show 8 unconfirmed / not-held certifications
source: support.bendingspoons.comNo public evidence. No trust center, SOC 2 badge, or SOC 2 report reference found on remini.ai, app.remini.ai, or support.bendingspoons.com/compliance.
source: support.bendingspoons.comNo public evidence. The Bending Spoons compliance page lists only a Modern Slavery Statement, Organizational Management/Control Model, Code of Ethics, and whistleblowing policy — no ISO 27001 certificate or scope statement.
source: app.remini.aiNo public evidence. Remini is a consumer photo/video tool with no BAA, healthcare-specific terms, or HIPAA language anywhere on the vendor's own domains; not applicable to this product.
source: support.bendingspoons.comNo public evidence on vendor domains. Payment processing (App Store/Play Store/web billing) is handled by third-party processors; no PCI attestation published by Remini/AI Creativity/Bending Spoons.
source: support.bendingspoons.comNo public evidence found on any vendor-owned page.
source: support.bendingspoons.comNo public evidence. No AI-governance certification is referenced on remini.ai, app.remini.ai, or the Bending Spoons compliance page.
source: support.bendingspoons.comNo public evidence; not applicable — Remini is a consumer product with no U.S. government offering referenced anywhere on its own domains.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
EU-based controller (Bending Spoons S.p.A. / AI Creativity S.r.l., Milan, Italy); data may be transferred outside the EEA/UK/Switzerland under EU Standard Contractual Clauses. No dedicated EU-only or U.S.-only data-residency option is published.
Vendor policy states training use is opt-in only: "in limited cases, (v) user-provided images where users have explicitly opted in to model training" (app.remini.ai). A separate press/search summary of the same policy corroborates: "user images aren't used to train AI technologies unless users explicitly opt in." Retention language differs slightly across vendor pages (web app: "deleted from our servers after 1 day" / "after 15 days" for the web app vs. a subscription-tier plan page reportedly citing 7/20-day windows and a 2-year outer limit) — flagged below as an unresolved cross-page inconsistency likely reflecting different product surfaces (free web tool vs. AI Photos/subscription feature) rather than a single unified retention policy.
// Security controls
Encryption / data protection measures
"We adopt technical and organizational measures designed to prevent the loss, improper use and alteration of your personal data. In some cases, we may also adopt data encryption and pseudonymization measures." (Not tied to a certified ISMS or independently audited standard.)
app.remini.aiFace data use restriction
Vendor states face data is used only to enhance photos/videos and generate requested AI images, and "in no instance does Remini process face data to identify or authenticate people in images or videos."
app.remini.aiUpload retention (web app)
"Images, videos and audio-recordings uploaded to the web app are deleted from our servers after 1 day" (up to 15 days if needed for a requested feature).
app.remini.aiInternational transfer safeguards
Transfers outside the EEA/UK/Switzerland rely on "the standard contractual clauses developed by the European Commission."
app.remini.aiIndependent third-party audit / certification
None published. No trust center, SOC 2 report, or ISO certificate is hosted on any Remini or Bending Spoons domain as of this review.
support.bendingspoons.com// Products & data scope
data: User-uploaded photos/videos and derived face data; short server retention (1–15 days per current web-app policy) unless a feature requires longer processing.
Primary product; 100M+ monthly active users per vendor homepage. Free tier with ads plus paid subscription.
data: User-submitted reference photos used to generate stylized AI images of the user; training use is opt-in only per privacy policy.
Distinct feature/flow from the core enhancer; a subscription plan management page (yourplan.remini.ai) suggests separate/longer retention windows for this feature, which could not be fully reconciled with the main web-app privacy policy — see flags.
data: n/a
A developer.remini.ai subdomain surfaced in search results (referencing a hosted privacy-policy PDF) but did not resolve live during this review, so no enterprise/API/business offering, terms, or security posture could be independently verified. Treat as unconfirmed, not as evidence of a B2B product.
// What to watch
- No trust center or third-party audited certification (SOC 2, ISO 27001, HIPAA, PCI, ISO 42001, CSA STAR, FedRAMP) found on any vendor-owned domain (remini.ai, app.remini.ai, support.bendingspoons.com) despite searching; graded held=false across the board rather than assumed.
- Over-claim risk found in third-party research: a third-party "security profile" directory (nudgesecurity.com, not a vendor-owned source) lists Remini as simultaneously 'PCI Compliant, HIPAA Compliant, SOC 2 Compliant, GDPR Compliant, ISO 27001 Compliant, FedRAMP Compliant, and CSA Star Level 1 Compliant' with no methodology, verification link, or supporting evidence disclosed. This is almost certainly an auto-generated/template badge list, not a verified fact, and should NOT be used as a source for AIFOXX's listing.
- Identity/controller ambiguity: the remini.ai homepage footer names 'AI Creativity S.r.l.' (Milan) as the copyright holder and operating entity, 'subject to the management and coordination of Bending Spoons S.p.A.', while the app.remini.ai privacy policy names 'Bending Spoons S.p.A.' directly as the Data Controller. This likely reflects Bending Spoons centralizing privacy operations across its app portfolio (it also owns Evernote, WeTransfer, Meetup, Splice, etc.) rather than a conflation error, but the exact legal-entity relationship for contracting purposes is not fully clear from public pages alone.
- Retention-period inconsistency across vendor pages: the current app.remini.ai privacy policy states uploads are deleted after 1 day (up to 15 days), while other vendor-linked material (a subscription plan/terms page) reportedly describes 7-day/20-day windows and a 2-year outer deletion limit for AI Photos. Could not fully reconcile whether this is a stale document, a per-feature difference, or a versioning gap; treat retention claims as feature-specific, not universal.
- Do not confuse with 'Rimini Street' (NASDAQ: RMNI), an unrelated enterprise software support company that does hold ISO 27001/ISO 9001 — search noise conflated the two names; none of Rimini Street's certifications apply to Remini/AI Creativity S.r.l.
// At a glance
Pricing model
Freemium consumer subscription (free with ads/limited enhancements; paid subscription for full-resolution, ad-free, and AI Photos access)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on AI Creativity S.r.l. (a Bending Spoons company)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
app.remini.ai