// Trust & Security Report
Describely (formerly Copysmith)
AI-powered eCommerce product content generation and data enrichment platform. Offers bulk product description generation, metadata creation, image enhancement, content audit, and integrated chatbot (ShopAssist). Native integrations with Shopify, WooCommerce, Akeneo, Wix, Squarespace.
Certifications held
0
Maturity
Startup
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 5 unconfirmed / not-held certifications
No public evidence of SOC 2 certification found on vendor domain or in trust/security pages.
No public evidence of ISO 27001 certification found on vendor domain or in trust/security pages.
source: describely.aiNo mention of GDPR certification or specific GDPR compliance framework in available public documentation. Company does not market GDPR compliance; privacy policy exists but no formal GDPR DPA or compliance posture documented.
source: describely.aiTerms of Service explicitly disclaims HIPAA compliance: 'The Describely site is not tailored to comply with industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and Federal Information Security Management Act (FISMA).'
No public evidence. Payment processing delegated to Stripe; vendor site does not claim PCI DSS compliance.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Stored on AWS per vendor statements. Specific AWS region / data residency not documented; no region-selection options mentioned.
Vendor explicitly does not use product information/customer data for training their AI models. According to vendor's blog and comparison materials: 'Describely doesn't use product information for training data.' All AI outputs powered by OpenAI/ChatGPT APIs; customer data used only for generating requested content within that session.
// Security controls
Data Encryption
Vendor states it encrypts data and stores it on AWS. Vendor wording does not specify encryption scope (e.g. in transit vs at rest); do not represent as more specific than stated.
describely.aiAuthentication
Role-based access control (RBAC) with multi-factor authentication (MFA)
Penetration Testing
Conducts regular penetration testing on the platform
Payment Processing
Payment data processed and stored by Stripe (PCI DSS compliant third party)
Data Retention
Personal information retained only as long as necessary for stated purposes; deleted or anonymized when no ongoing legitimate business need exists
Age Restriction
Does not knowingly collect data from children under 18 years of age
Content Moderation
AI content guidelines prohibit harmful use cases; vendor reserves right to terminate access for policy violations
// Products & data scope
data: Product catalog data, brand guidelines, eCommerce platform content
Core product. Generates product descriptions, titles, meta descriptions, keywords, and SEO metadata. Uses OpenAI/ChatGPT APIs. Supports bulk generation (hundreds to thousands of products).
data: Sparse/incomplete product data, manufacturer details
Fills gaps in product catalogs with accurate details. Sources data from vendor-specified sources. No use of customer data for model training.
data: Product content, claim verification, error detection
Verifies product claims, catches errors, ensures consistency. Does not train on audit data.
data: Product images
Bulk image enhancement capability. Integrated into main platform.
data: Customer chat interactions with bot
Seamless eCommerce chatbot integration. Separate product within platform family.
// What to watch
- Startup company (founded 2023, unfunded) with minimal certifications — this is typical and honest, not an over-claim. Transparency about HIPAA non-compliance is positive.
- Bot protection on privacy policy and terms pages prevented direct content verification. Information extracted from search results and quoted sections; quoted statements are reliable but full document review was not possible.
- No trust center, no audit reports, no formal compliance documentation publicly available — consistent with startup maturity level.
- Company rebranded from 'Copysmith' — verify identity to avoid conflation with other vendors named 'Copysmith' or 'Copy.ai'.
// At a glance
Pricing model
Subscription-based SaaS. Pricing tiers not disclosed in public search results; accessed via login.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Describely (formerly Copysmith)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
describely.ai