// Trust & Security Report
Copysmith Inc.
AI content infrastructure platform with three specialized products: Frase (SEO & AI search optimization), Describely (eCommerce product content generation), and Rytr (conversational AI writing assistant). Built as integrated GEO (Generative Engine Optimization) ecosystem.
Certifications held
3
Maturity
Growth
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.copysmith.ai“SOC 2 Type II listed under compliance section at trust.copysmith.ai and mentioned in footer: 'Trust Center SOC 2 Type II GDPR Compliant'”
Verify on trust.copysmith.ai“SOC 3 listed under compliance section at trust.copysmith.ai. Note: SOC 3 is the public disclosure version of SOC 2 audit results.”
Verify on copysmith.ai“Footer states 'GDPR Compliant'. However, detailed audit scope not provided on Trust Center homepage.”
> Show 5 unconfirmed / not-held certifications
source: copysmith.aiTerms of Service explicitly states: 'The Site is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.)'
source: trust.copysmith.aiNo mention in official Trust Center or public pages. No public evidence.
source: trust.copysmith.aiNo mention in official Trust Center or public pages. Third-party Nudge Security profile claims PCI compliance but no vendor-domain evidence supports this.
source: trust.copysmith.aiNo mention in official Trust Center or public pages. No public evidence.
source: trust.copysmith.aiNo mention in official Trust Center or public pages. No public evidence.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Canada (explicitly stated in Terms of Service: 'the site is hosted in Canada')
Privacy Policy contains no explicit language about training AI models on customer content. MyVoice feature (learns user writing style) implies potential model training but scope and opt-out options are not documented in public privacy materials. Unclear from official documentation whether customer data is used for model improvement.
// Security controls
Encryption in transit
Implied by SOC 2 Type II certification but not explicitly detailed in public materials
trust.copysmith.aiData sharing
Privacy Policy states: 'We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.' No disclosure of personal info to third parties in preceding 12 months.
copysmith.ai// Products & data scope
data: User content for SEO research and optimization; tracks keyword rankings and competitive data
Helps users create SEO-optimized articles that rank on Google and get cited by AI search engines
data: Product data enrichment; generates product descriptions, titles, meta tags
Bulk generation tool for eCommerce product content at scale
data: User writing samples for MyVoice feature; emails, ads, social posts, blog content
Adapts to user's tone and writing style; MyVoice feature learns from user examples
// What to watch
- OVER-CLAIM: Nudge Security profile lists HIPAA, ISO 27001, PCI DSS, FedRAMP, and CSA STAR compliance, but Copysmith's official Trust Center and ToS do not confirm these. HIPAA is explicitly denied in ToS. This represents either vendor over-marketing via third parties or third-party assessment error.
- OUTDATED PRIVACY POLICY: Privacy Policy last updated February 19, 2021 (5 years old as of 2026). Does not address modern AI training practices or customer data usage for model improvement.
- GDPR COMPLIANCE GAP: Stated in footer but not detailed on Trust Center. No audit scope, date, or specific compliance mechanisms documented.
- AI TRAINING UNCLEAR: No clear documentation of whether customer data (especially from Rytr's MyVoice feature) is used to train or improve underlying AI models. No documented opt-out mechanism.
- HIPAA EXCLUSION: Explicitly states platform is not HIPAA compliant, limiting use in healthcare contexts despite potential claims elsewhere.
- NO DATA PROCESSING AGREEMENT EVIDENT: No mention of DPA or BAA availability, which may be required for enterprise or regulated use cases.
// At a glance
Pricing model
Subscription-based SaaS with tiered plans (not detailed in public materials)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Copysmith Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.copysmith.ai