<aside> 💡 Scope: This platform privacy policy is our most general privacy policy for our services. Why? ISMS Copilot is a SaaS platform providing access to two main applications: ISMS Policy Generator and ISMS Copilot chatbots. This comprehensive privacy policy provides an overview of data protection practices as part of the use of our platform. The trust center further details the specifics for each application. If you’re looking for the public website privacy notice, find it here.

</aside>

Important Hosting Update (13/01/25)

In mid-December, we announced that as of February 1st, 2025, ISMS Copilot would no longer offer EU-hosted conversations due to the closure of our EU provider. In the meantime, we hosted conversations in the US, with GDPR compliance ensured through Standard Contractual Clauses (SCCs) and robust data protection measures.

However, we’re happy to announce that our ability to offer 100% EU-hosted assistants is finally maintained.

So, we’ll keep supporting assistance for EU regulations (DORA, NIS2, EU AI Act, Cyber Resilience Act, GDPR), and these assistants will be hosted in the EU. This information supersedes any other information about EU hosting. We confirm as of 13/01/2025 that ISMS Copilot EU is back in the game.

For more details, please visit our FAQ for EU users.

Global Privacy Policy

Last Updated: 19 December 2024

1. Scope and Applicability

This Global Privacy Policy (“Policy”) sets forth the principles governing the collection, use, disclosure, transfer, and protection of personal data (“Personal Data”) by ISMS Copilot (“ISMS Copilot,” “we,” “us,” or “our”) in connection with our SaaS platform, including but not limited to the ISMS Policy Generator and ISMS Copilot chatbots (collectively, the “Services”).

This Policy aligns with internationally recognized data protection standards, including the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”). It also takes into account other applicable privacy and data protection laws, including, where relevant, the California Consumer Privacy Act (“CCPA”), Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), Brazil’s Lei Geral de Proteção de Dados (“LGPD”), India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), and other regional regulations. In case of a conflict between this Policy and any other documentation, this Policy prevails with respect to data protection matters.

We may provide supplemental notices to address jurisdiction-specific requirements. By using the Services, you acknowledge that your Personal Data may be processed as described herein.

2. Important Hosting and Data Transfer Notice

As of 1 February 2025, we no longer offer EU-based hosting for conversation data due to the closure of our former EU hosting provider. All conversation data is now hosted in the United States. We implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses (SCCs) pursuant to GDPR Article 46, and other legally recognized mechanisms, to ensure an adequate level of data protection.

We maintain a GDPR-aligned baseline and strive to comply with applicable local laws, including the DPDP Act in India. Depending on your location, you may have additional rights or obligations under local law.

3. Categories of Personal Data Collected

Account Information:

User-Provided Data: