Xero’s AI features (JAX as the headline generative assistant, plus AI-powered bank reconciliation, data capture, and the broader Xero OS platform) sit within Xero’s enterprise-grade SaaS infrastructure. Xero holds SOC 2 Type II and ISO 27001 certifications, operates regional data residency for AU/NZ customers, and has invested heavily in AI-specific security and privacy controls as…
Grammarly is one of the most-deployed writing AI tools in the SMB and individual professional segments, with reported user base of approximately 30 million daily active users across hundreds of millions of registered accounts. The risk picture is dominated by one structural fact: Grammarly’s browser extension and desktop client read essentially all text the user…
Adobe Firefly’s central marketing claim — trained only on Adobe Stock, Creative Commons, and public domain content — is the foundation of its commercial-safety positioning and the basis for its IP indemnification offering. In April 2024, Bloomberg reported that approximately 5% of Firefly’s training set was AI-generated content from other models, including images from Midjourney…
Canva’s AI features (consolidated under the Magic Studio brand) sit within Canva’s broader design platform with one of the cleanest training-default structures of any AI design vendor as of mid-2026. The November 2025 Canva AI Product Terms made the distinction crisp: Teams, Business, Enterprise, and Education accounts are never used for AI training and cannot…
Shopify’s AI features (Magic for content generation, Sidekick for the conversational store-management assistant, Shop AI for shopper-facing chat) sit within Shopify’s e-commerce platform. Shopify maintains a no-training default with its third-party AI subprocessors, holds SOC 2 Type II certification, and is PCI-DSS Level 1 certified for the payment-handling parts of its infrastructure. CEO Tobi Lütke’s…
HubSpot’s AI features (consolidated under the Breeze brand during 2024-2025, expanded substantially with the Spring Spotlight 2026 release) are embedded across its Marketing, Sales, Service, and CMS Hubs. HubSpot has invested heavily in privacy-positive defaults: subprocessor agreements explicitly prohibit AI providers from using customer data for model training, zero-data-retention enforced “wherever possible,” US customer data…
Salesforce’s AI products (Einstein for predictive features, Agentforce for agentic workflows) sit within Salesforce’s enterprise-grade governance framework anchored by the Einstein Trust Layer. The Trust Layer is Salesforce’s built-in mechanism for preventing agent prompts from being used to train external models, masking sensitive PII before it reaches an LLM, and logging all agent activity for…
Zendesk’s AI features (rebranded over 2024-2026 as Advanced AI and the Resolution Platform) sit within Zendesk’s broader customer service product and inherit its security posture. Zendesk maintains a no-training default with its AI subprocessors, holds SOC 2 Type II and ISO 27001 certifications, supports HIPAA via BAA on Enterprise tier, and offers EU and AU…
Intercom Fin is the most-documented AI customer-service agent in this database from a privacy posture perspective. Intercom has published explicit commitments on its blog and in its Additional Product Terms: third-party LLM providers operate under zero-data-retention arrangements, customer data is not used for model training or fine-tuning, and the Fin AI Engine is designed with…
Fathom is a meeting-AI tool focused on Zoom, Google Meet, and Microsoft Teams call summaries. Unlike Granola’s silent bot-free architecture, Fathom uses a visible-bot model — “Fathom Notetaker” appears as a named participant in your meetings. This is the same architecture as Otter.ai and Fireflies.ai, the two vendors currently defending class actions over consent and…