// Trust & Security Report

    Reword Limited (trading as Juno) logo

    Reword Limited (trading as Juno)

    AI marketing "coworker" / agentic go-to-market platform (formerly Reword, an AI collaborative writing tool). Now marketed as Juno: agents/playbooks for lead finding, landing pages, brand assets, content briefs, and social calendars, connected to a brand's existing marketing apps. The AIFOXX listing description ("Reword is an AI collaborative writing tool...") reflects the pre-rebrand product and is stale relative to the current site.

    Certifications held

    0

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 8 unconfirmed / not-held certifications
    SOC 2 (Type I/II)
    NOT CONFIRMED

    No public evidence. No trust center, security page, or SOC 2 mention found on getjuno.com, in its privacy policy, or terms of service; targeted web searches for "getjuno.com SOC 2" returned no vendor-published results.

    source: getjuno.com
    ISO 27001
    NOT CONFIRMED

    No public evidence. Not referenced anywhere on the vendor's site or in policy documents reviewed.

    source: getjuno.com
    GDPR (posture)
    NOT CONFIRMED

    No formal certification exists for GDPR (it is a regulation, not a certifiable standard), but the vendor demonstrates a GDPR posture: a dedicated privacy contact (gdpr@getjuno.com) for rights/deletion requests and language on international transfer safeguards ("adequacy regulations, contractual safeguards, or other recognised transfer mechanisms"). Graded held=false because there is no certification to hold; posture is documented in the privacy notes field instead.

    source: getjuno.com
    HIPAA
    NOT CONFIRMED

    No public evidence or claim of HIPAA compliance. Juno is a marketing automation product, not positioned for healthcare/PHI use cases.

    source: getjuno.com
    PCI DSS
    NOT CONFIRMED

    No public evidence found. The product does not appear to directly process cardholder payment data itself (billing is referenced only in the context of the vendor's own subscription charges).

    source: getjuno.com
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence. Despite the product being built entirely around AI agents, no AI-governance certification (ISO 42001, CSA STAR for AI) is referenced on the site or in policy pages.

    source: getjuno.com
    CSA STAR
    NOT CONFIRMED

    No public evidence found in any reviewed page or search result.

    source: getjuno.com
    FedRAMP
    NOT CONFIRMED

    No public evidence; not applicable, vendor is not marketed as a government cloud service.

    source: getjuno.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United Kingdom-based entity; policy states some providers/connected services 'may process personal data outside the UK' using adequacy decisions, SCCs, or other transfer mechanisms. No specific hosting region (e.g. AWS eu-west) is disclosed.

    The privacy policy states Juno 'uses automated systems and AI-driven features to process prompts, files, messages' and may send content to 'model, infrastructure...providers' to operate features, but it does not explicitly confirm or deny whether customer content is used to train underlying models. No opt-out mechanism or tier-based training distinction is documented. Graded trains_on_customer_data=null (unconfirmed either way) rather than false, since the absence of a denial is not proof of a no-training policy. This is a gap the vendor should clarify.

    // Security controls

    Encryption in transit

    No public evidence / not documented on the vendor's site (only general references to hosting and processing content to operate features).

    getjuno.com

    Encryption at rest

    No public evidence / not documented.

    getjuno.com

    Authentication & Access Control

    Standard email/password sign-in observed on the app login page (app.getjuno.com/login); no MFA, SSO, or RBAC claims found on public marketing pages.

    getjuno.com

    Data Processing Agreement

    Not published or offered for download; the privacy policy references that it 'should be read alongside any customer agreement, data processing agreement, or other terms' implying a DPA may exist per-contract, but none is publicly available or confirmed.

    getjuno.com

    Incident response / vulnerability disclosure

    No public evidence of a documented incident response plan, bug bounty, or vulnerability disclosure program.

    getjuno.com

    // Products & data scope

    Juno (formerly Reword)AI marketing agent / go-to-market automation

    data: Connects to a customer's marketing apps (e.g. Search Console, Buffer, LinkedIn, ad tools) and processes brand assets, leads, content drafts, and campaign data through AI agents/playbooks.

    Single product line; no separate consumer/team/enterprise tiers documented publicly. Pricing page exists (getjuno.com/pricing) but tier-specific compliance differences were not captured in evidence and could not be confirmed.

    // What to watch

    • IDENTITY: AIFOXX's own listing (slug 'reword') shows name 'Juno' and url getjuno.com, while the listing description still describes the pre-rebrand product ('Reword is an AI collaborative writing tool...'). Confirmed via the vendor's own Terms of Service ('Juno is the trading name of Reword Limited, a company based in the United Kingdom') that this is the same legal entity post-rebrand, not a different company. The AIFOXX description/use-cases are stale and should be refreshed to reflect the current Juno marketing-agent product, not the old writing-assistant framing.
    • No trust center or dedicated security page found on the vendor's domain despite the product processing significant third-party connected-app data (leads, CRM, social, ad accounts). This is a material gap for a product with this level of data access, even accounting for early-stage maturity.
    • AI training posture on customer data is not explicitly confirmed or denied by the vendor -- flagged as an open question rather than assumed either way.
    • No public DPA, sub-processor list, or named cloud hosting provider/region -- cannot independently verify data residency claims.
    • compliance.soc2/iso27001/gdpr/hipaa fields in tools.json are all null; this assessment's held=false findings should be used to populate them accurately (all false/unconfirmed) rather than leaving null.

    // At a glance

    Pricing model

    Subscription SaaS.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Reword Limited (trading as Juno)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    getjuno.com

    > Browse all vendor trust reports