Available in English only. This legal document is provided in English as the binding version; the Trust Center interface is translated into your language.

Customer-facing legal documents — change log

Cumulative summary of revisions to the four customer-facing legal documents in this folder (PRIVACY-POLICY.md, DATA-PROCESSING-AGREEMENT.md, REGISTER-OF-PROCESSING-ACTIVITIES.md, TERMS-OF-SERVICE.md).

This file is append-only. Each revision adds a new dated entry at the top; older entries are never edited or removed. The most recent entry is the current state.

For the binding documents themselves, see the trust center: https://trust.ismscopilot.com/privacy-policy, https://trust.ismscopilot.com/dpa, https://trust.ismscopilot.com/ropa, https://trust.ismscopilot.com/terms.

GDPR-material sub-processor or data-handling changes are also notified directly to customers by email; see grc/data-protection/SUB-PROCESSOR-CHANGE-NOTICE-*.md for the most recent notice. This change log is the customer-facing audit trail; it is not a substitute for that direct notice.


2026-04-29 — Terms of Service

Documents touched: TERMS-OF-SERVICE.md only.

  • Added §5(v) Customer Content confirming that, as between the user and ISMS Copilot, the user retains all rights to outputs they create, review, adapt, or publish using the Services. The clause includes four for-clarity carve-outs covering: (a) no rights granted over the Services or their underlying technology; (b) outputs may not be represented as official standards, certifications, or legal advice; (c) outputs may not be used to assert IP claims over content that infringes third-party rights or that was generated by inputting third-party copyrighted material; and (d) ISMS Copilot retains the existing abuse-detection / QA monitoring carve-out under §11(iii).
  • Closes a customer-raised gap on supplier-assurance IP-ownership clarity. The other three documents in this set are unchanged in this revision.

2026-04-27 — Multi-document update (Privacy Policy, DPA, RoPA, Terms)

Documents touched: PRIVACY-POLICY.md, DATA-PROCESSING-AGREEMENT.md, REGISTER-OF-PROCESSING-ACTIVITIES.md, TERMS-OF-SERVICE.md.

  • OpenRouter underlying providers named. The previous vague "United States" reference is replaced with a closed four-provider allowlist (Inceptron, DeepInfra, Cerebras, Google Vertex). Account-level controls are disclosed: mandatory Zero Data Retention; training disallowed (free + paid); publication disallowed (free); PRC-jurisdiction blocklist.
  • Active vs Reserved sub-processor split. OpenAI, X.AI, and Google Gemini are documented as Reserved — code paths exist but no user-facing flow invokes them — and their activation requires customer notice. The Privacy Policy lists Active sub-processors only.
  • Slack (heygrc bot) disclosed as a Customer-Activated Integration. Slack Technologies, Inc. only becomes a sub-processor for a customer's data when that customer's organisation owner explicitly installs the bot. The 30-day advance-notice rule for Active sub-processors does not apply because activation requires explicit customer-side action. This adds a new processing activity (RoPA #10), a new data-subject category (Slack workspace users without ISMS Copilot accounts), and a ToS §7(iv) acknowledgment.
  • Anthropic retention factually corrected. The prior "zero retention" wording for Anthropic on the paid default path is replaced with the accurate 30-day commercial-API abuse-monitoring cache. Customers requiring zero retention are directed to enable Advanced Data Protection (Mistral, EU).
  • "No-training" wording tightened. Prior wording implied a signed bilateral addendum with Anthropic and Mistral. New wording reflects what is actually relied on: each provider's published commercial-API terms prohibit training on customer content.
  • Per-provider transfer-mechanism stack documented in DPA §3 (SCCs / SCCs + EU-US Data Privacy Framework / EU residency, depending on provider).
  • Moderation correction. Moderation always runs on Mistral (EU, zero retention), regardless of ADP. The Privacy Policy and DPA disclose the metadata-only retention scope of moderation_events and the thread-deletion lock for flagged threads (with the Article 17 email-mediated path for content within flagged threads).
  • ToS §11(iii) and §7(i) tightened — the prior "without anonymization and strict safeguards" carve-out is removed, and the prior blanket EU-residency disclaimer is replaced with a factual routing description matching the Privacy Policy and DPA.
  • Advanced Data Protection (ADP) framed as the durable in-product opt-out for any user who needs fully EU-based AI processing.

A 30-day customer objection window for the OpenRouter sub-processor change runs through 2026-05-27 (notice at grc/data-protection/SUB-PROCESSOR-CHANGE-NOTICE-2026-04-27-OPENROUTER.md).