// Trust & Security Report

    Copysmith Inc. logo

    Copysmith Inc.

    AI content infrastructure platform with three specialized products: Frase (SEO & AI search optimization), Describely (eCommerce product content generation), and Rytr (conversational AI writing assistant). Built as integrated GEO (Generative Engine Optimization) ecosystem.

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    SOC 2 Type II listed under compliance section at trust.copysmith.ai and mentioned in footer: 'Trust Center SOC 2 Type II GDPR Compliant'

    Verify on trust.copysmith.ai
    SOC 3
    HELD

    SOC 3 listed under compliance section at trust.copysmith.ai. Note: SOC 3 is the public disclosure version of SOC 2 audit results.

    Verify on trust.copysmith.ai
    GDPR
    HELD

    Footer states 'GDPR Compliant'. However, detailed audit scope not provided on Trust Center homepage.

    Verify on copysmith.ai
    > Show 5 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    Terms of Service explicitly states: 'The Site is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.)'

    source: copysmith.ai
    ISO 27001
    NOT CONFIRMED

    No mention in official Trust Center or public pages. No public evidence.

    source: trust.copysmith.ai
    PCI DSS
    NOT CONFIRMED

    No mention in official Trust Center or public pages. Third-party Nudge Security profile claims PCI compliance but no vendor-domain evidence supports this.

    source: trust.copysmith.ai
    FedRAMP
    NOT CONFIRMED

    No mention in official Trust Center or public pages. No public evidence.

    source: trust.copysmith.ai
    CSA STAR
    NOT CONFIRMED

    No mention in official Trust Center or public pages. No public evidence.

    source: trust.copysmith.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    Canada (explicitly stated in Terms of Service: 'the site is hosted in Canada')

    Privacy Policy contains no explicit language about training AI models on customer content. MyVoice feature (learns user writing style) implies potential model training but scope and opt-out options are not documented in public privacy materials. Unclear from official documentation whether customer data is used for model improvement.

    // Security controls

    Encryption in transit

    Implied by SOC 2 Type II certification but not explicitly detailed in public materials

    trust.copysmith.ai

    Data hosting

    Hosted in Canada; not HIPAA compliant per ToS

    copysmith.ai

    External audit firm

    Reviewed and trusted by Sensiba LLP

    trust.copysmith.ai

    Data sharing

    Privacy Policy states: 'We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.' No disclosure of personal info to third parties in preceding 12 months.

    copysmith.ai

    // Products & data scope

    FraseSEO Content & AI Search Optimization

    data: User content for SEO research and optimization; tracks keyword rankings and competitive data

    Helps users create SEO-optimized articles that rank on Google and get cited by AI search engines

    DescribelyeCommerce Content Generation

    data: Product data enrichment; generates product descriptions, titles, meta tags

    Bulk generation tool for eCommerce product content at scale

    RytrAI Writing Assistant

    data: User writing samples for MyVoice feature; emails, ads, social posts, blog content

    Adapts to user's tone and writing style; MyVoice feature learns from user examples

    // What to watch

    • OVER-CLAIM: Nudge Security profile lists HIPAA, ISO 27001, PCI DSS, FedRAMP, and CSA STAR compliance, but Copysmith's official Trust Center and ToS do not confirm these. HIPAA is explicitly denied in ToS. This represents either vendor over-marketing via third parties or third-party assessment error.
    • OUTDATED PRIVACY POLICY: Privacy Policy last updated February 19, 2021 (5 years old as of 2026). Does not address modern AI training practices or customer data usage for model improvement.
    • GDPR COMPLIANCE GAP: Stated in footer but not detailed on Trust Center. No audit scope, date, or specific compliance mechanisms documented.
    • AI TRAINING UNCLEAR: No clear documentation of whether customer data (especially from Rytr's MyVoice feature) is used to train or improve underlying AI models. No documented opt-out mechanism.
    • HIPAA EXCLUSION: Explicitly states platform is not HIPAA compliant, limiting use in healthcare contexts despite potential claims elsewhere.
    • NO DATA PROCESSING AGREEMENT EVIDENT: No mention of DPA or BAA availability, which may be required for enterprise or regulated use cases.

    // At a glance

    Pricing model

    Subscription-based SaaS with tiered plans (not detailed in public materials)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Copysmith Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.copysmith.ai

    > Browse all vendor trust reports