Transparency, Explainability, Interpretability (TEI)

Transparency

Our AI assistants differ in hosting location, data retention, and purpose. We disclose these details clearly so you can make an informed choice:

Assistant	Underlying Model	Hosting Location	Data Retention	Data Processing Purpose
ISMS Copilot Free	Claude 3.7	US	Indefinite*	Multi-framework compliance guidance (limited by usage quota)
ISMS Copilot X	Claude 3.7	US	Indefinite*	Multi-framework compliance guidance (unlimited usage)
ISMS Copilot One	Claude 3.7 with web search	US	Indefinite*	Enhanced compliance guidance with web search
ISO 27001 Copilot	Claude 3.7	US	Indefinite*	Specialized ISO 27001 implementation guidance
Policy Assistant	Claude 3.7	US	Indefinite*	Security policy creation and management
SOC 2 Copilot	Claude 3.7	US	Indefinite*	SOC 2 compliance guidance
ISO 42001 Copilot	Claude 3.7	US	Indefinite*	AI governance and ISO 42001 guidance
ISMS Copilot EU	GPT-4	EU (France)	90 days	Multi-framework compliance with EU data residency
GDPR Copilot	GPT-4	EU (France)	90 days	GDPR compliance guidance
DORA Copilot	GPT-4	EU (France)	90 days	Digital Operational Resilience Act compliance
NIS2 Copilot	GPT-4	EU (France)	90 days	Network and Information Security Directive compliance
EU AI Act Copilot	GPT-4	EU (France)	90 days	EU AI Act compliance guidance
Cyber Resilience Act Copilot	GPT-4	EU (France)	90 days	EU Cyber Resilience Act compliance
Temporary Chats	GPT-4	EU (France)	30 days	Multi-framework compliance guidance with enhanced privacy

Indefinite retention means we store conversation data unless you request deletion. EU-based assistants automatically delete conversations after 90 days, and “Temporary Chats” are purged after 30 days.

See further detail on the original page.

Explainability

Explainability means showing how and why each AI assistant arrives at its recommendations, without overwhelming you with technical jargon.

Reasoning Summaries
- We present short “Reasoning Summaries” for our AI outputs, highlighting the primary factors or references (e.g., “According to ISO 27001 control 6.1.2…”).
- These summaries explain the main logic that led to a recommendation.
Source Attribution
- Where possible, we cite specific standards or clauses (e.g., ISO 27001 sections, SOC 2 TSC, etc.).
- We distinguish factual references from interpretative best practices, ensuring you know which parts of the AI’s guidance are strictly from the standard and which are suggestions.
Confidence Levels
- High Confidence: When a specific standard or regulatory text explicitly states it.
- Medium Confidence: When it’s widely accepted industry practice but not written verbatim in the standard.
- Low Confidence: When the assistant is less certain or the situation is highly context-dependent.
Limitations
- The AI may produce inaccuracies (“hallucinations”). We encourage you to verify critical advice with official documents or experts.
- Since standards evolve, some references might become outdated over time—always check for the latest version.

3. Interpretability

Interpretability focuses on understanding how the model processes information internally. Our assistants are built on Large Language Models (LLMs), which operate as complex “black boxes.” While we cannot expose every layer of the neural network, we do:

Provide a Simple Reasoning Summary
- You’ll see a brief explanation of what informed the conclusion—like referencing certain clauses or acknowledging user inputs.
- This is not the full “chain-of-thought” but offers a high-level glimpse.
Acknowledge Black-Box Nature
- LLMs are not purely rule-based. They generate responses probabilistically.
- For highly critical or nuanced guidance, we recommend consulting a human expert or official standard documentation.
Encourage Validation
- We make it easy for you to review the sources or best practices.
- You decide whether the AI output aligns with your context, risk profile, and compliance obligations.

Feedback & Contact

If you notice inaccurate outputs or want us to delete your conversation history, please reach out.