// Trust & Security Report
Skyline AI Ltd. (acquired by Jones Lang LaSalle IP, Inc. / JLL in August 2021)
AI-driven commercial real estate investment management platform: deal sourcing, underwriting, asset management and portfolio optimization for institutional multifamily property investors. Originally an independent Israeli/US startup (founded 2017, backed by Sequoia Capital, JLL, TLV Partners, Nyca Partners, DWS Group); acquired by JLL in 2021 and folded into JLL Technologies. The public marketing site (skyline.ai) appears to be a largely unmaintained legacy site rather than an actively developed self-serve product page.
Certifications held
0
Maturity
Unknown
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: skyline.aiNo SOC 2 mention found anywhere on skyline.ai (home, about, privacy, terms). Parent company JLL holds a SOC 2 Type II report, but per JLL's own 2016 press release it covers 'JLL's Corporate Solutions applications' specifically, not the Skyline AI product, and predates the 2021 acquisition by 5 years. No vendor-domain evidence this extends to Skyline AI.
source: skyline.aiNo ISO 27001 mention found on skyline.ai. JLL's ISO 27001 designation (per ir.jll.com 2016 release) applies to JLL's Corporate Solutions IT assets, not confirmed to cover Skyline AI specifically.
source: skyline.ai"data protection...laws of these countries may not be as comprehensive as those in...the European Union - in these instances we will take steps to ensure...similar level of protection is given to Personal Information, including through adequate contractual measures." Generic international-transfer language and user access/deletion rights are described, but there is no dedicated GDPR compliance statement, no named legal basis framework, and no DPA offered.
source: skyline.aiNo public evidence. Product is a commercial real estate investment analytics platform with no health-data use case; HIPAA is not applicable and not claimed.
source: skyline.aiNo public evidence. Legacy site predates the AI-governance certification landscape and makes no mention of it.
source: skyline.aiNo public evidence on the vendor domain. A third-party blurb (nudgesecurity.com) asserts JLL broadly is "FedRamp Compliant," but that is a parent-company claim on a third-party site, not vendor-domain evidence for Skyline AI, and is excluded from grading per sourcing rules.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Not publicly documented. Privacy policy references cross-border transfers and 'adequate contractual measures' generically but names no specific region, hosting provider, or data residency options.
Skyline AI is a proprietary ML analytics platform (deal sourcing / underwriting models trained on market and property data), not a generative/LLM product that trains on user prompts or uploaded documents. The Terms of Service (last updated 2017) and Privacy Policy make no explicit statement about whether client-submitted investment/deal data is used to improve models, and there is no opt-out mechanism described. Treat AI-training posture as unconfirmed rather than assume none.
// Security controls
Security program disclosure
"We employ industry standard procedures to ensure the confidentiality, integrity, and availability of our Customers' systems and User Data" but explicitly disclaims: "No method of transmission over the Internet...is 100% secure. Therefore...we cannot guarantee its absolute security." No architecture, audit, or control detail given.
skyline.aiThird-party subprocessors
Referenced only generically as "trusted third party service providers" for storage/cloud computing and analytics; no names disclosed.
skyline.aiData retention
"For as long as needed to provide our Services and to comply with our legal obligations, resolve disputes and enforce our agreements." No fixed retention period stated.
skyline.aiLiability disclosure
Terms of Service caps cumulative liability at $50 and disclaim being a registered investment advisor; unusual for an institutional-grade platform and consistent with a legacy/unmaintained ToS.
skyline.ai// Products & data scope
data: Property, market, and portfolio data for institutional multifamily real estate investment; likely investor and deal financial data
Primary product matching AIFOXX's existing listing description. No distinct self-serve pricing tiers found; institutional/enterprise sales model implied.
data: Investor account and portfolio data, gated to accredited investors
Referenced in the legacy 2017 Terms of Service as a separate access tier; current availability/status could not be confirmed.
// What to watch
- AIFOXX's own src/data/tools.json lists the vendor URL as https://skylineai.com, but that domain is an unrelated parked/for-sale listing with no connection to the real estate AI company described. The correct vendor domain, confirmed by matching product description (deal sourcing, underwriting, multifamily portfolio optimization, JLL acquisition) is https://www.skyline.ai. AIFOXX's URL field should be corrected before this listing is trusted.
- Host-vs-vendor cert ambiguity: JLL (the acquiring parent, NYSE: JLL) holds SOC 2 Type II and ISO 27001, but per JLL's own 2016 press release these cover JLL 'Corporate Solutions applications', predate the 2021 Skyline AI acquisition by five years, and are not confirmed by any vendor-domain source to extend to the Skyline AI product. Do not display these as Skyline AI's own certifications.
- Operational status is unclear: skyline.ai reads as a largely static legacy marketing site (Terms of Service last updated 2017, never revised post-acquisition); it is not confirmed whether Skyline AI is still actively sold/onboarding new institutional customers as a standalone product versus being wound down into JLL's broader technology stack.
- No trust center, DPA, or GDPR-specific mechanism (SCCs, named legal basis) found; GDPR language is generic boilerplate from an old privacy policy.
- AI-training posture on customer/deal data is unconfirmed (neither disclosed nor denied) - flag rather than assume 'no training'.
// At a glance
Pricing model
Not publicly disclosed; institutional/enterprise sales, not self-serve SaaS pricing
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Skyline AI Ltd. (acquired by Jones Lang LaSalle IP, Inc. / JLL in August 2021)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
skyline.ai