// Trust & Security Report
Sudowrite (Agenstoria, Inc.)
AI writing assistant for fiction (consumer SaaS web app + mobile, plus 1,000+ community Plugins and a proprietary Muse model)
Certifications held
3
Maturity
Startup
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on sudowrite.com“No SOC 2 claim found anywhere on the vendor's site. /security, /trust, /trust-center, /compliance all return 'Page not found'.”
Verify on sudowrite.com“If you are a resident of the European Economic Area (EEA), you have certain data protection rights and the Operator aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information.”
> Show 1 unconfirmed / not-held certifications
source: sudowrite.comConsumer fiction-writing tool with no health-data scope; no HIPAA claim made and none applicable.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not stated
Data region
unknown (US-based company governed by California law; privacy policy notes cross-border transfers may occur but does not specify a hosting region)
Sudowrite states it does not train AI models on user writing. FAQ direct quote: 'We do not use your writing to train AI models.' Founder Amit Gupta has separately stated 'No manuscripts were used to train the AI as we have not done any training.' Generation is powered by third-party LLM providers (e.g. OpenAI enterprise API, which contractually does not retain or train on submitted data) plus Sudowrite's own 'Muse' fiction model. Any review of user content for model fine-tuning is described as optional and consent-based.
// Security controls
Stated safeguards
Reasonable administrative, technical, and physical safeguards claimed, but no specifics (no named encryption standard, key management, or access-control detail in the policy).
sudowrite.comEncryption
unknown / not stated in policy. Third-party reviews mention 'industry-standard encryption' but this is not asserted on a vendor-owned security page.
sudowrite.comContent ownership
User retains all rights to Your Content; Sudowrite takes only a non-exclusive license to host/process to provide the service, with no right to sell or distribute it.
sudowrite.com// Products & data scope
data: User-authored manuscripts, characters, worldbuilding, account info (name, email, Google-linked account). Content processed via third-party LLMs to generate suggestions.
Core consumer product. $10/month entry tier with monthly credit allocation. Not trained on. 18+ required.
data: Same user manuscript content sent for generation.
Sudowrite's own model built for fiction; marketed as Muse 1.5. Training corpus not disclosed but vendor states user writing is not used to train it.
data: User content passed into selected plugins.
Users can build and run third-party-authored plugins; introduces additional prompt-routing surface but governed by same account/privacy terms.
data: Anonymous or lightly-identified prompt input.
Marketing funnel tools; minimal data scope.
// What to watch
- No security/trust/compliance page exists (all such URLs 404).
- No enterprise certifications (SOC 2 / ISO 27001) claimed or found - normal for a small consumer startup.
- Privacy policy is a generic template with broad language; covers GDPR/CCPA rights but lacks vendor-specific security detail (no named encryption standard, no DPA reference).
- No bug bounty or pentest evidence.
- Strong positive: vendor explicitly states it does NOT train on user writing, and Terms grant only a limited service-provision license over user content.
- Data hosting region not disclosed.
// At a glance
Pricing model
Subscription (monthly credits; entry ~$10/month, free trial, no card needed). Optional non-expiring credit purchases.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Sudowrite (Agenstoria, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
sudowrite.com