ISMS Copilot Licensing Agreement - FAQ | ISMS Copilot Trust Center

At ISMS Copilot, we are committed to legal compliance and securely deploying AI systems. To enhance transparency, we have updated our licensing agreement and created this FAQ.

We want to emphasize that unlike ChatGPT, our AI models are not automatically improved based on your conversations data. Any training involves a manual process where selected, anonymized interactions may be used, ensuring no confidential information is included.

The only purpose of training is making the AI’s guidance more useful to our customers.

We believe this approach underscores our dedication to privacy and security. If you have any questions, please contact support.

1. When does the new agreement come into effect?

The new agreement comes into force on 1st September, 2024.

2. Which AI chatbots are covered by this agreement?

The agreement covers AI Chatbots accessible within the platform, including ISO 27001 Copilot, Risk Assessment Assistant, Policy Assistant, and ISMS Copilot X.

3. Are custom versions integrated into other platforms covered?

No, custom versions integrated by customers into their platforms are not covered by this agreement. When the ISMS Copilot assistants are integrated in a platform by a partner, conversations won’t be used for improving the model in any way.

4. Do you train AI models on conversation data?

Yes, but only under specific conditions. By default, our chatbots do not automatically learn from your interactions. An admin manually selects and anonymizes relevant pairs of questions and answers to improve the chatbot's future performance. Confidential information, such as account details, personal data (e.g., names, emails), and sensitive business details, is never used for training. This manual process ensures privacy and helps make meaningful improvements to the chatbots while focusing only on relevant interactions.

5. Why do you train the AI manually and exclude confidential data?

We train our AI to enhance accuracy and usefulness based on user feedback.
- For example, if a user indicates an error in the control reference for an ISO point, we correct it to improve future responses.
This process is manual to ensure privacy, as we only use anonymized and admin-selected data. Confidential information is never included in our training data to protect user privacy.