// Trust & Security Report
Reword Limited (trading as Juno)
AI marketing "coworker" / agentic go-to-market platform (formerly Reword, an AI collaborative writing tool). Now marketed as Juno: agents/playbooks for lead finding, landing pages, brand assets, content briefs, and social calendars, connected to a brand's existing marketing apps. The AIFOXX listing description ("Reword is an AI collaborative writing tool...") reflects the pre-rebrand product and is stale relative to the current site.
Certifications held
0
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 8 unconfirmed / not-held certifications
source: getjuno.comNo public evidence. No trust center, security page, or SOC 2 mention found on getjuno.com, in its privacy policy, or terms of service; targeted web searches for "getjuno.com SOC 2" returned no vendor-published results.
source: getjuno.comNo public evidence. Not referenced anywhere on the vendor's site or in policy documents reviewed.
source: getjuno.comNo formal certification exists for GDPR (it is a regulation, not a certifiable standard), but the vendor demonstrates a GDPR posture: a dedicated privacy contact (gdpr@getjuno.com) for rights/deletion requests and language on international transfer safeguards ("adequacy regulations, contractual safeguards, or other recognised transfer mechanisms"). Graded held=false because there is no certification to hold; posture is documented in the privacy notes field instead.
source: getjuno.comNo public evidence or claim of HIPAA compliance. Juno is a marketing automation product, not positioned for healthcare/PHI use cases.
source: getjuno.comNo public evidence found. The product does not appear to directly process cardholder payment data itself (billing is referenced only in the context of the vendor's own subscription charges).
source: getjuno.comNo public evidence. Despite the product being built entirely around AI agents, no AI-governance certification (ISO 42001, CSA STAR for AI) is referenced on the site or in policy pages.
source: getjuno.comNo public evidence found in any reviewed page or search result.
source: getjuno.comNo public evidence; not applicable, vendor is not marketed as a government cloud service.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
United Kingdom-based entity; policy states some providers/connected services 'may process personal data outside the UK' using adequacy decisions, SCCs, or other transfer mechanisms. No specific hosting region (e.g. AWS eu-west) is disclosed.
The privacy policy states Juno 'uses automated systems and AI-driven features to process prompts, files, messages' and may send content to 'model, infrastructure...providers' to operate features, but it does not explicitly confirm or deny whether customer content is used to train underlying models. No opt-out mechanism or tier-based training distinction is documented. Graded trains_on_customer_data=null (unconfirmed either way) rather than false, since the absence of a denial is not proof of a no-training policy. This is a gap the vendor should clarify.
// Security controls
Encryption in transit
No public evidence / not documented on the vendor's site (only general references to hosting and processing content to operate features).
getjuno.comAuthentication & Access Control
Standard email/password sign-in observed on the app login page (app.getjuno.com/login); no MFA, SSO, or RBAC claims found on public marketing pages.
getjuno.comData Processing Agreement
Not published or offered for download; the privacy policy references that it 'should be read alongside any customer agreement, data processing agreement, or other terms' implying a DPA may exist per-contract, but none is publicly available or confirmed.
getjuno.comIncident response / vulnerability disclosure
No public evidence of a documented incident response plan, bug bounty, or vulnerability disclosure program.
getjuno.com// Products & data scope
data: Connects to a customer's marketing apps (e.g. Search Console, Buffer, LinkedIn, ad tools) and processes brand assets, leads, content drafts, and campaign data through AI agents/playbooks.
Single product line; no separate consumer/team/enterprise tiers documented publicly. Pricing page exists (getjuno.com/pricing) but tier-specific compliance differences were not captured in evidence and could not be confirmed.
// What to watch
- IDENTITY: AIFOXX's own listing (slug 'reword') shows name 'Juno' and url getjuno.com, while the listing description still describes the pre-rebrand product ('Reword is an AI collaborative writing tool...'). Confirmed via the vendor's own Terms of Service ('Juno is the trading name of Reword Limited, a company based in the United Kingdom') that this is the same legal entity post-rebrand, not a different company. The AIFOXX description/use-cases are stale and should be refreshed to reflect the current Juno marketing-agent product, not the old writing-assistant framing.
- No trust center or dedicated security page found on the vendor's domain despite the product processing significant third-party connected-app data (leads, CRM, social, ad accounts). This is a material gap for a product with this level of data access, even accounting for early-stage maturity.
- AI training posture on customer data is not explicitly confirmed or denied by the vendor -- flagged as an open question rather than assumed either way.
- No public DPA, sub-processor list, or named cloud hosting provider/region -- cannot independently verify data residency claims.
- compliance.soc2/iso27001/gdpr/hipaa fields in tools.json are all null; this assessment's held=false findings should be used to populate them accurately (all false/unconfirmed) rather than leaving null.
// At a glance
Pricing model
Subscription SaaS.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Reword Limited (trading as Juno)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
getjuno.com