// Trust & Security Report
Bridesview, Inc. (DBA Tailwind)
Tailwind (tailwindapp.com) is a Pinterest/social-media marketing SaaS: Keyword Research, SmartPin (AI pin generation), SmartSchedule (publishing calendar), and Turbo (Pinterest creator community for engagement boosting), plus a browser extension and an MCP server for AI-assisted account management. Note: this is a distinct company from Tailwind Labs (tailwindcss.com), the CSS framework maker.
Certifications held
0
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 8 unconfirmed / not-held certifications
source: tailwindapp.comNo public evidence of SOC 2 certification found on tailwindapp.com privacy policy, terms of service, or any vendor-domain page; no trust center exists (tailwindapp.com/trust returns 404).
source: tailwindapp.comNo public evidence of ISO 27001 certification found on any tailwindapp.com page.
source: tailwindapp.comNo public evidence of HIPAA compliance; product is a consumer/SMB social-media marketing tool, not a healthcare data processor, so HIPAA is out of scope.
source: tailwindapp.com"The GDPR applies to and protects European citizens. To the extent the GDPR applies to you, we have updated our privacy policy accordingly." This is a general GDPR-awareness statement, not a certification or independently audited posture, so it is graded held=false with a documented posture rather than a pass/fail cert.
source: tailwindapp.com"Tailwind complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce." This claim is stale: the EU-US Privacy Shield was invalidated by the CJEU (Schrems II, July 2020) and superseded by the EU-U.S. Data Privacy Framework (DPF) in 2023. The privacy policy has not been updated to reflect this, and no Bridesview/Tailwind listing could be confirmed on the current dataprivacyframework.gov participant list. Graded held=false as an outdated/inactive legal-transfer mechanism claim.
source: tailwindapp.comNo PCI DSS claim found; payments are routed to third-party processors ("We will share your account information with financial institutions and payment processing companies, namely, Chargify, Authorize.net, and Heartland"), meaning card data is handled by PCI-compliant processors, not directly attested by Tailwind itself.
source: tailwindapp.comNo public evidence of ISO/IEC 42001 or any AI-governance certification.
source: tailwindapp.comNo public evidence; Tailwind is a consumer/SMB marketing SaaS with no indication of US federal government customers or FedRAMP authorization.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Not specified on public pages; company is US-based (Oklahoma City, OK, per Terms of Service address) with no documented EU/regional data residency option.
SmartPin generates pin designs/copy from the customer's own site content, and the MCP server lets AI assistants manage Pinterest accounts through documented API endpoints ("AI assistants can manage Pinterest accounts without ever seeing sensitive API access"). No public statement was found confirming or denying whether user content/account data is used to train Tailwind's or third-party AI models, and no opt-out mechanism is documented on vendor-domain pages. Graded null (unconfirmed) rather than assumed.
// Security controls
Encryption
General claim only: "we make use of privacy-enhancing technologies such as encryption" — no detail on in-transit vs at-rest, algorithms, or key management.
tailwindapp.comTrust center
None found. Direct navigation to tailwindapp.com/trust returns HTTP 404.
tailwindapp.comThird-party payment processing
Card/billing data handled by third parties (Chargify, Authorize.net, Heartland), not stored directly by Tailwind per its own Terms of Service.
tailwindapp.comAccount security guidance
Users are contractually required to notify Tailwind of unauthorized account access; no MFA, SSO, or other technical control specifics are publicly documented.
tailwindapp.com// Products & data scope
data: Pulls photos and content from the customer's connected website/social accounts to auto-generate Pin designs and copy.
No AI-training opt-out or data-use disclosure found for this feature.
data: Publishing calendar and scheduling metadata for connected Pinterest/Instagram accounts.
Standard SaaS scheduling; no distinct compliance posture found.
data: Shares customer Pins with a third-party community of other Tailwind users/creators to solicit engagement (saves, comments, clicks).
Involves exposing customer content to other platform users by design; not a data-security issue per se but a scope-of-sharing consideration worth disclosing to buyers.
data: Exposes documented Pinterest API endpoints to AI assistants for account management, per Tailwind's own description restricting access to "documented API endpoints."
New (2025-era) integration; no independent security review found.
// What to watch
- No trust center exists (tailwindapp.com/trust 404s); no SOC 2, ISO 27001, or other independent security certification found anywhere on the vendor domain.
- Over-claim risk: privacy policy still cites compliance with the EU-US/Swiss-US Privacy Shield Framework, which was legally invalidated in 2020 and superseded by the Data Privacy Framework in 2023 — this is a stale/inaccurate compliance claim that should not be represented to buyers as active.
- AI-training posture on customer content (used by SmartPin and the MCP server) is undisclosed; no opt-out documented.
- Identity note: do not conflate this vendor with Tailwind Labs / Tailwind CSS (tailwindcss.com) — different company, different product, confirmed via tailwindapp.com legal entity 'Bridesview, Inc. DBA Tailwind'.
// At a glance
Pricing model
Freemium / tiered SaaS subscription (free plan plus paid tiers per tailwindapp.com/pricing-overview)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Bridesview, Inc. (DBA Tailwind)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
tailwindapp.com