// Trust & Security Report

    Sudowrite (Agenstoria, Inc.) logo

    Sudowrite (Agenstoria, Inc.)

    AI writing assistant for fiction (consumer SaaS web app + mobile, plus 1,000+ community Plugins and a proprietary Muse model)

    Certifications held

    3

    Maturity

    Startup

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    No SOC 2 claim found anywhere on the vendor's site. /security, /trust, /trust-center, /compliance all return 'Page not found'.

    Verify on sudowrite.com
    ISO 27001
    HELD

    No ISO 27001 claim found on any vendor page.

    Verify on sudowrite.com
    GDPR (posture, not a certification)
    HELD

    If you are a resident of the European Economic Area (EEA), you have certain data protection rights and the Operator aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information.

    Verify on sudowrite.com
    > Show 1 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    Consumer fiction-writing tool with no health-data scope; no HIPAA claim made and none applicable.

    source: sudowrite.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not stated

    Data region

    unknown (US-based company governed by California law; privacy policy notes cross-border transfers may occur but does not specify a hosting region)

    Sudowrite states it does not train AI models on user writing. FAQ direct quote: 'We do not use your writing to train AI models.' Founder Amit Gupta has separately stated 'No manuscripts were used to train the AI as we have not done any training.' Generation is powered by third-party LLM providers (e.g. OpenAI enterprise API, which contractually does not retain or train on submitted data) plus Sudowrite's own 'Muse' fiction model. Any review of user content for model fine-tuning is described as optional and consent-based.

    // Security controls

    Stated safeguards

    Reasonable administrative, technical, and physical safeguards claimed, but no specifics (no named encryption standard, key management, or access-control detail in the policy).

    sudowrite.com

    Encryption

    unknown / not stated in policy. Third-party reviews mention 'industry-standard encryption' but this is not asserted on a vendor-owned security page.

    sudowrite.com

    Security / trust page

    None. /security, /trust, /trust-center, /compliance all 404.

    sudowrite.com

    Bug bounty

    None found (no HackerOne or Bugcrowd program).

    sudowrite.com

    Penetration testing

    unknown / no evidence found.

    sudowrite.com

    Data breach handling

    Privacy policy includes a 'Data breach' notification clause.

    sudowrite.com

    Content ownership

    User retains all rights to Your Content; Sudowrite takes only a non-exclusive license to host/process to provide the service, with no right to sell or distribute it.

    sudowrite.com

    // Products & data scope

    Sudowrite (web/mobile app, subscription tiers)AI fiction-writing assistant

    data: User-authored manuscripts, characters, worldbuilding, account info (name, email, Google-linked account). Content processed via third-party LLMs to generate suggestions.

    Core consumer product. $10/month entry tier with monthly credit allocation. Not trained on. 18+ required.

    Muse (proprietary fiction model)First-party LLM

    data: Same user manuscript content sent for generation.

    Sudowrite's own model built for fiction; marketed as Muse 1.5. Training corpus not disclosed but vendor states user writing is not used to train it.

    Plugins (1,000+ community/user-built)User-extensible prompts/tools

    data: User content passed into selected plugins.

    Users can build and run third-party-authored plugins; introduces additional prompt-routing surface but governed by same account/privacy terms.

    Free Tools (story/plot/name generators)Public lead-gen generators

    data: Anonymous or lightly-identified prompt input.

    Marketing funnel tools; minimal data scope.

    // What to watch

    • No security/trust/compliance page exists (all such URLs 404).
    • No enterprise certifications (SOC 2 / ISO 27001) claimed or found - normal for a small consumer startup.
    • Privacy policy is a generic template with broad language; covers GDPR/CCPA rights but lacks vendor-specific security detail (no named encryption standard, no DPA reference).
    • No bug bounty or pentest evidence.
    • Strong positive: vendor explicitly states it does NOT train on user writing, and Terms grant only a limited service-provision license over user content.
    • Data hosting region not disclosed.

    // At a glance

    Pricing model

    Subscription (monthly credits; entry ~$10/month, free trial, no card needed). Optional non-expiring credit purchases.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Sudowrite (Agenstoria, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    sudowrite.com

    > Browse all vendor trust reports