Customer-facing legal documents — change log

Cumulative summary of revisions to the four customer-facing legal documents in this folder (PRIVACY-POLICY.md, DATA-PROCESSING-AGREEMENT.md, REGISTER-OF-PROCESSING-ACTIVITIES.md, TERMS-OF-SERVICE.md).

This file is append-only. Each revision adds a new dated entry at the top; older entries are never edited or removed. The most recent entry is the current state.

For the binding documents themselves, see the trust center: https://trust.ismscopilot.com/privacy-policy, https://trust.ismscopilot.com/dpa, https://trust.ismscopilot.com/ropa, https://trust.ismscopilot.com/terms.

Sub-processor and data-handling changes are notified per DPA §2.4: through (a) the Trust Center, (b) the in-app changelog (with blue-point unread indicator on next login), (c) this change log, and (d) the regular customer product-update / changelog email. For materially-adverse changes (a new sub-processor with a new retention or jurisdiction posture, a weakening of an existing control, etc.), ISMS Copilot will provide at least 30 days' advance notice by in-app announcement and email. For control-neutral sub-processor changes (adding a vetted provider to an existing closed allowlist where the same zero-retention, no-training, transfer-mechanism, and jurisdiction-blocking controls continue to apply), notice is via Trust Center publication and in-app changelog. A more detailed internal change record for each sub-processor change is available on request via privacy@ismscopilot.com.

2026-06-23: Paid-plan AI routing may use the OpenRouter allowlist alongside Anthropic (effective 2026-06-23; control-neutral)

Documents touched: customer-facing DATA-PROCESSING-AGREEMENT.md, PRIVACY-POLICY.md, REGISTER-OF-PROCESSING-ACTIVITIES.md, TERMS-OF-SERVICE.md; internal ai-system/ZDR-Provider-Tracker.md and data-protection/VENDOR-DPA-OPENROUTER-2026-05-05.md. (The OpenRouter underlying-provider allowlist expansion from 4 to 7 and the §2.4 notice-mechanism amendment first notified on 2026-05-26 are brought into effect together with this change on 2026-06-23, two days ahead of the previously published 2026-06-25 date; those providers have been on the operational allowlist since 2026-05-25, the change is control-neutral, and the objection / Advanced-Data-Protection rights are unchanged. The 2026-06-13 per-session-election proposal recorded below was superseded before publication and never took effect.)

  • Paid-plan routing broadened to mirror the free tier. For paid plans (Plus, Standard, Pro, Business) with Advanced Data Protection off, the closed 7-provider OpenRouter allowlist (Inceptron, DeepInfra, Cerebras, Google Vertex, Together AI, Fireworks AI, Nebius) becomes a permitted AI-routing destination alongside Anthropic, for any chat mode. A paid request may be served by Anthropic or by any allowlisted provider, and routing may move between them over time, with no further sub-processor change.
  • Anthropic is not removed. It remains a disclosed paid provider and the circuit-breaker failover context; it is simply no longer the sole paid path.
  • No new sub-processor; controls unchanged. OpenRouter and all seven underlying providers are already disclosed. The same account-level controls (mandatory Zero Data Retention, training-disallowed, publication-disallowed, allowlist, PRC-blocklist) and the same underlying-provider transfer mechanism (SCCs at the underlying-provider layer; DPF for Google Vertex) apply unchanged. Every allowlisted provider is equal to or stronger than Anthropic on retention, training, and jurisdiction.
  • Retention. Unchanged for any paid traffic still served by Anthropic (up to 30 days for abuse monitoring only, not training). Paid traffic served by an allowlisted provider is zero-retention.
  • EU residency. Advanced Data Protection remains the account-level EU-residency guarantee: enabling it routes all of the organization's AI processing to Mistral (EU, Frankfurt) and suppresses the OpenRouter path for every user, regardless of plan or mode.
  • Supersedes Amendment B. The 2026-06-13 Amendment B (a per-session end-user election gating paid-plan overflow routing) was never published or made operative and is superseded in full by this amendment, which replaces the per-session election model with the account-level routing approach above. The Amendment B entry below is retained for historical completeness only.
  • Classified control-neutral. Notice is via Trust Center publication and the in-app changelog, per DPA §2.4. The Customer may object at any time by emailing privacy@ismscopilot.com, and may keep all processing in the EU at any time by enabling Advanced Data Protection.

2026-06-13: DPA Pending Amendment B: OpenRouter scope expansion to paid-plan overflow routing (effective on publication; control-neutral; web-only)

Documents touched: customer-facing DATA-PROCESSING-AGREEMENT.md, PRIVACY-POLICY.md, TERMS-OF-SERVICE.md, REGISTER-OF-PROCESSING-ACTIVITIES.md; internal data-protection/TRANSFER-IMPACT-ASSESSMENT.md, data-protection/REGISTER-OF-PROCESSING-ACTIVITIES.md, and the new data-protection/SUB-PROCESSOR-CHANGE-NOTICE-2026-06-13-OVERFLOW-FALLBACK.md. (This amendment is independent of the 2026-05-26 DPA §2.4 amendment, which is effective 2026-06-25 under its own 30-day notice schedule.)

  • OpenRouter sub-processor scope expanded. The OpenRouter aggregator (already disclosed since 2026-04-27 for free / null-plan users, expanded 2026-05-28 to Essential) gains a third scope: serve paid plans (Plus, Standard, Pro, Business) with ADP off as overflow routing after the 4-hour token cap is reached, restricted to the same closed two-provider subset as Essential (Google Vertex and Cerebras). No new sub-processor is introduced; no new underlying provider; no change to account-level controls (mandatory ZDR, training-disallowed, publication-disallowed, allowlist, PRC-blocklist); no change to transfer mechanism (SCCs at the underlying-provider layer).
  • Activation is per-session, on explicit in-product end-user election. The overflow path does not auto-engage. When a paid-plan user hits the 4-hour token cap in the ISMS Copilot web app, an in-product card offers continuation on the faster overflow model OR continuation by upgrading to a higher-cap plan. The user must click Continue to elect overflow routing, which then applies for the rest of the current 4-hour window or until an additional overflow usage limit is reached, whichever comes first. The election expires automatically at the next 4-hour bin boundary and is re-prompted on the next over-cap request. Without the election, the request is rate-limited and Anthropic remains the only AI sub-processor for the remainder of the session.
  • Traffic from channels without an in-product election surface (such as Slack integrations) is EXCLUDED from the overflow path. Those channels do not provide an in-product election surface that meets the consent semantics above. Paid-plan users on such channels continue to receive the standard rate-limit message at the 4-hour cap; no overflow routing occurs from those requests in v1.
  • §2.4 control-neutral category clarified. The existing control-neutral category (whose listed examples are non-exhaustive) is clarified with a new (b) example: expanding an already-disclosed sub-processor's scope to serve an additional Customer cohort where the underlying-provider subset, account-level controls, and transfer mechanism remain unchanged, and where no Customer Personal Data flows under the expanded scope unless an explicit per-session end-user election is recorded. The OpenRouter overflow scope expansion is an instance of (b).
  • Existing routing unchanged. ADP path (Mistral, EU) is unchanged. Existing paid-plan routing under the cap (Anthropic, US, SCCs) is unchanged. Free-plan and Essential-plan OpenRouter routing is unchanged. Beyond mode (Plus+) is unchanged; over-cap Beyond requests downgrade to the normal flow with a new notice reason that surfaces the cap state and lets the overflow election flow handle the routing.
  • Classified control-neutral. ISMS Copilot classified this scope expansion as a control-neutral change under §2.4. The amendment becomes effective on publication (the dev-to-main release plus the trust-center mirror sync).

Notice mechanism for this change: in-app changelog (blue-point unread indicator) + Trust Center publication on the effective date + a clearly labeled entry in the next monthly product-changelog email. The change is classified as control-neutral under the new §2.4 (b) wording, so the 30-day advance-notification rule for materially-adverse changes does not apply. Customers may object at any time via privacy@ismscopilot.com. The durable EU-only opt-out (Advanced Data Protection Mode → Mistral, Frankfurt) remains available on every plan.

2026-05-26 — DPA §2.4 sub-processor-notice amendment + OpenRouter allowlist expansion (effective 2026-06-25)

Documents touched: PRIVACY-POLICY.md, DATA-PROCESSING-AGREEMENT.md, REGISTER-OF-PROCESSING-ACTIVITIES.md, TERMS-OF-SERVICE.md.

  • DPA §2.4 sub-processor notice mechanism amended. Aligned with industry norm (Anthropic, OpenAI, Vercel) by distinguishing materially-adverse sub-processor changes (which continue to get at least 30 days' advance notice by in-app announcement and email) from control-neutral changes (notified by Trust Center publication and in-app changelog). The privacy bar itself — zero data retention, no training on customer data, no PRC-jurisdiction infrastructure, Advanced Data Protection Mode available on every plan for EU-only processing — is unchanged. Privacy Policy §2 sub-processor paragraph updated to cross-reference the new §2.4 wording.
  • OpenRouter underlying-provider allowlist expanded from four to seven. Under the new §2.4 wording, this is the first control-neutral change: the named providers are now Inceptron, DeepInfra, Cerebras, Google Vertex (the original four) plus Together AI, Fireworks AI, and Nebius. Each addition was evaluated against the same privacy and jurisdiction bar applied to the original four: zero-retention posture for inference, no training on customer data, published DPA, non-PRC jurisdiction, public deployment-region disclosure. Together AI publishes default routing to North America inference data centers; Fireworks AI operates a multi-region fleet (US, EU Frankfurt + Iceland, APAC Tokyo only — no PRC or Hong Kong infrastructure); Nebius runs primary inference in Finland (EU) with US secondary. Region pinning at the per-provider layer is not exposed by OpenRouter's aggregator API; the §3.1.4 PRC-jurisdiction control relies on each provider's published default region NOT being PRC, verified provider-by-provider during this review.
  • Novita AI evaluated and not added. Novita's corporate HQ is recorded as US, but their public materials describe their inference infrastructure only as "20+ locations, 4+ continents" without naming any region. They do not publish a DPA, a sub-processor list, a governing-law clause in their ToS, or a sub-processor enumeration. For a control framed as a Schrems II-style supplementary measure (no Customer Content transits PRC infrastructure), public opacity makes the control unevidenceable. Re-evaluation requires a written commitment on regional pinning and a published DPA.
  • Account-level controls unchanged. Mandatory Zero Data Retention, Free/Paid Training Disallowed, Free Publication Disallowed, and the PRC-jurisdiction blocklist (Alibaba Cloud International, Baidu Qianfan, DeepSeek, Moonshot AI, Xiaomi, Z.AI) all remain in force.

Notice mechanism for this change: in-app changelog (blue-point unread indicator, visible from 2026-05-26 through 2026-06-25, the full 30-day objection window) + Trust Center publication on 2026-05-26 + a clearly labeled entry titled "Legal/privacy update: DPA amendment and OR allowlist notice" in the May 2026 monthly product-changelog email shipping in the first days of June. Both the DPA amendment and the OR allowlist expansion are effective 2026-06-25, giving customers 30 days to object via privacy@ismscopilot.com. A more detailed internal change record is available on request.

2026-04-29 — Terms of Service

Documents touched: TERMS-OF-SERVICE.md only.

  • Added §5(v) Customer Content confirming that, as between the user and ISMS Copilot, the user retains all rights to outputs they create, review, adapt, or publish using the Services. The clause includes four for-clarity carve-outs covering: (a) no rights granted over the Services or their underlying technology; (b) outputs may not be represented as official standards, certifications, or legal advice; (c) outputs may not be used to assert IP claims over content that infringes third-party rights or that was generated by inputting third-party copyrighted material; and (d) ISMS Copilot retains the existing abuse-detection / QA monitoring carve-out under §11(iii).
  • Closes a customer-raised gap on supplier-assurance IP-ownership clarity. The other three documents in this set are unchanged in this revision.

2026-04-27 — Multi-document update (Privacy Policy, DPA, RoPA, Terms)

Documents touched: PRIVACY-POLICY.md, DATA-PROCESSING-AGREEMENT.md, REGISTER-OF-PROCESSING-ACTIVITIES.md, TERMS-OF-SERVICE.md.

  • OpenRouter underlying providers named. The previous vague "United States" reference is replaced with a closed four-provider allowlist (Inceptron, DeepInfra, Cerebras, Google Vertex). Account-level controls are disclosed: mandatory Zero Data Retention; training disallowed (free + paid); publication disallowed (free); PRC-jurisdiction blocklist.
  • Active vs Reserved sub-processor split. OpenAI, X.AI, and Google Gemini are documented as Reserved — code paths exist but no user-facing flow invokes them — and their activation requires customer notice. The Privacy Policy lists Active sub-processors only.
  • Slack (heygrc bot) disclosed as a Customer-Activated Integration. Slack Technologies, Inc. only becomes a sub-processor for a customer's data when that customer's organization owner explicitly installs the bot. The 30-day advance-notice rule for Active sub-processors does not apply because activation requires explicit customer-side action. New processing activity (RoPA #10), new data-subject category (Slack workspace users without ISMS Copilot accounts), and a ToS §7(iv) acknowledgment.
  • Anthropic retention factually corrected. The prior "zero retention" wording for Anthropic on the paid default path is replaced with the accurate 30-day commercial-API abuse-monitoring cache. Customers requiring zero retention are directed to enable Advanced Data Protection (Mistral, EU).
  • "No-training" wording tightened. Prior wording implied a signed bilateral addendum with Anthropic and Mistral. New wording reflects what is actually relied on: each provider's published commercial-API terms prohibit training on customer content.
  • Per-provider transfer-mechanism stack documented in DPA §3 (SCCs / SCCs + EU-US Data Privacy Framework / EU residency, depending on provider).
  • Moderation correction. Moderation always runs on Mistral (EU, zero retention), regardless of ADP. The Privacy Policy and DPA disclose the metadata-only retention scope of moderation_events and the thread-deletion lock for flagged threads (with the Article 17 email-mediated path for content within flagged threads).
  • ToS §11(iii) and §7(i) tightened — the prior "without anonymization and strict safeguards" carve-out is removed, and the prior blanket EU-residency disclaimer is replaced with a factual routing description matching the Privacy Policy and DPA.
  • Advanced Data Protection (ADP) framed as the durable in-product opt-out for any user who needs fully EU-based AI processing.

A 30-day customer objection window for the OpenRouter sub-processor change runs through 2026-05-27.