// Trust & Security Report

    CraftlyAI Inc. logo

    CraftlyAI Inc.

    Craftly.AI is an AI-powered copywriting assistant built on OpenAI models, offering 100+ content frameworks for marketing copy, blog posts, emails, and social media content across 25+ languages.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 7 unconfirmed / not-held certifications
    SOC 2 Type 1/2
    NOT CONFIRMED

    No vendor-domain documentation; third-party claim via Nudge Security not substantiated on craftly.ai

    source: craftly.ai
    ISO 27001
    NOT CONFIRMED

    No vendor-domain documentation; third-party claim via Nudge Security not substantiated on craftly.ai

    source: craftly.ai
    GDPR
    NOT CONFIRMED

    No explicit GDPR compliance statement on vendor domain; privacy policy URL (craftly.ai/privacy-policy.html) returns 404

    source: craftly.ai
    HIPAA
    NOT CONFIRMED

    Terms of Service prohibit uploading health data rather than claiming HIPAA compliance: users may not 'Provide or upload any information to the Services that is "Protected Health Information" as defined under the Health Insurance Portability and Accountability Act'.

    source: craftly.ai
    PCI DSS
    NOT CONFIRMED

    No vendor-domain documentation; third-party claim via Nudge Security not substantiated on craftly.ai

    source: craftly.ai
    FedRamp
    NOT CONFIRMED

    No vendor-domain documentation; third-party claim via Nudge Security not substantiated on craftly.ai

    source: craftly.ai
    CSA STAR
    NOT CONFIRMED

    No vendor-domain documentation; third-party claim via Nudge Security not substantiated on craftly.ai

    source: craftly.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    Unknown; company based in Toronto, Canada; uses AWS (unspecified regions)

    Terms reference OpenAI API usage and state 'Craftly.ai and OpenAI may request information from you regarding your efforts to reduce safety risks.' Unclear if customer content is retained or used for model improvement. Data ownership: 'Craftly.ai's licensor, OpenAI LLC, exclusively owns all right, title and interest in and to Generated Content.' No explicit opt-out for training disclosed.

    // Security controls

    Authentication

    Okta integration, Google/Microsoft login, SSO available; 2FA support noted as limited in third-party profile

    security-profiles.nudgesecurity.com

    Infrastructure

    Runs on AWS; reliant on third-party services (Google Workspace, Stripe, Intercom, Zendesk)

    craftly.ai

    Uptime

    Claims 99.5% uptime on homepage

    craftly.ai

    Liability & Copyright

    Vendor disclaims liability for copyright infringement, plagiarism, or ownership of content. Liability capped at amounts paid or $200 USD maximum.

    craftly.ai

    // Products & data scope

    Craftly.AI Core PlatformAI Copywriting Tool

    data: User text inputs for content generation; supports 25+ languages; generates marketing copy, blog posts, emails, social media, landing pages, product descriptions

    Built on OpenAI models (GPT-3+). Content ownership: OpenAI LLC owns generated outputs. Plagiarism detection claimed but liability disclaimed. Enterprise tier offers custom models, team collaboration, SSO.

    // What to watch

    • CERT-CONTRADICTION: Vendor's Terms of Service explicitly prohibit HIPAA data use, yet third-party (Nudge Security) claims HIPAA certification. This is a red flag for accuracy of third-party claims.
    • UNVERIFIED-THIRD-PARTY: Nudge Security profile claims SOC 2, ISO 27001, GDPR, PCI, FedRamp, CSA STAR—none of which appear on vendor's own domain, no trust center, no security pages, no vendor-domain documentation found.
    • PRIVACY-POLICY-404: Advertised privacy policy URL (craftly.ai/privacy-policy.html) returns HTTP 404; users cannot independently verify privacy practices.
    • AI-TRAINING-OPAQUE: Terms do not explicitly state whether customer content is retained or used for model training. No clear opt-out disclosed. Data ownership explicitly assigned to OpenAI LLC.
    • VENDOR-DOMAIN-GAPS: No dedicated security, trust, compliance, or certifications pages on craftly.ai. All searches for security-related content return zero results.
    • STARTUP-STAGE: Founded 2021, bootstrap-funded, 1-10 employees—typical of early-stage AI tools with limited compliance infrastructure.
    • IDENTITY-VERIFIED: Legal entity confirmed as 'CraftlyAI Inc.' and 'MNGD LLC' at 626 King St West, Suite 401, Toronto, M5V 1M5 per homepage footer.

    // At a glance

    Pricing model

    Freemium (5-day free trial) + paid subscription tiers; enterprise custom pricing

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on CraftlyAI Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    craftly.ai

    > Browse all vendor trust reports