// Trust & Security Report

    Describely (formerly Copysmith) logo

    Describely (formerly Copysmith)

    AI-powered eCommerce product content generation and data enrichment platform. Offers bulk product description generation, metadata creation, image enhancement, content audit, and integrated chatbot (ShopAssist). Native integrations with Shopify, WooCommerce, Akeneo, Wix, Squarespace.

    Certifications held

    0

    Maturity

    Startup

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 5 unconfirmed / not-held certifications
    SOC 2 (Type 1 or 2)
    NOT CONFIRMED

    No public evidence of SOC 2 certification found on vendor domain or in trust/security pages.

    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found on vendor domain or in trust/security pages.

    GDPR Compliance
    NOT CONFIRMED

    No mention of GDPR certification or specific GDPR compliance framework in available public documentation. Company does not market GDPR compliance; privacy policy exists but no formal GDPR DPA or compliance posture documented.

    source: describely.ai
    HIPAA
    NOT CONFIRMED

    Terms of Service explicitly disclaims HIPAA compliance: 'The Describely site is not tailored to comply with industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and Federal Information Security Management Act (FISMA).'

    source: describely.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence. Payment processing delegated to Stripe; vendor site does not claim PCI DSS compliance.

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Stored on AWS per vendor statements. Specific AWS region / data residency not documented; no region-selection options mentioned.

    Vendor explicitly does not use product information/customer data for training their AI models. According to vendor's blog and comparison materials: 'Describely doesn't use product information for training data.' All AI outputs powered by OpenAI/ChatGPT APIs; customer data used only for generating requested content within that session.

    // Security controls

    Data Encryption

    Vendor states it encrypts data and stores it on AWS. Vendor wording does not specify encryption scope (e.g. in transit vs at rest); do not represent as more specific than stated.

    describely.ai

    Authentication

    Role-based access control (RBAC) with multi-factor authentication (MFA)

    Penetration Testing

    Conducts regular penetration testing on the platform

    Payment Processing

    Payment data processed and stored by Stripe (PCI DSS compliant third party)

    Data Retention

    Personal information retained only as long as necessary for stated purposes; deleted or anonymized when no ongoing legitimate business need exists

    Age Restriction

    Does not knowingly collect data from children under 18 years of age

    Content Moderation

    AI content guidelines prohibit harmful use cases; vendor reserves right to terminate access for policy violations

    // Products & data scope

    Product Description GeneratorContent Generation

    data: Product catalog data, brand guidelines, eCommerce platform content

    Core product. Generates product descriptions, titles, meta descriptions, keywords, and SEO metadata. Uses OpenAI/ChatGPT APIs. Supports bulk generation (hundreds to thousands of products).

    Product Data EnrichmentData Management

    data: Sparse/incomplete product data, manufacturer details

    Fills gaps in product catalogs with accurate details. Sources data from vendor-specified sources. No use of customer data for model training.

    Content AuditCompliance & QA

    data: Product content, claim verification, error detection

    Verifies product claims, catches errors, ensures consistency. Does not train on audit data.

    AI Images (feature)Media Enhancement

    data: Product images

    Bulk image enhancement capability. Integrated into main platform.

    ShopAssist (chatbot)Customer Service

    data: Customer chat interactions with bot

    Seamless eCommerce chatbot integration. Separate product within platform family.

    // What to watch

    • Startup company (founded 2023, unfunded) with minimal certifications — this is typical and honest, not an over-claim. Transparency about HIPAA non-compliance is positive.
    • Bot protection on privacy policy and terms pages prevented direct content verification. Information extracted from search results and quoted sections; quoted statements are reliable but full document review was not possible.
    • No trust center, no audit reports, no formal compliance documentation publicly available — consistent with startup maturity level.
    • Company rebranded from 'Copysmith' — verify identity to avoid conflation with other vendors named 'Copysmith' or 'Copy.ai'.

    // At a glance

    Pricing model

    Subscription-based SaaS. Pricing tiers not disclosed in public search results; accessed via login.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Describely (formerly Copysmith)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    describely.ai

    > Browse all vendor trust reports