ISMS Copilot Trust Center.
Learn how we secure our AI assistants for your ISMS. Discover our data protection practices and how we comply with applicable regulations and frameworks.

September 07, 2024.
Data privacy and security are paramount concerns today, and we understand the importance of being open about how we handle user information. The Trust Center is our way of addressing these concerns head-on, offering clear, detailed explanations of our policies and procedures.
This resource is particularly valuable for our users who are implementing or maintaining information security management systems. It demonstrates our own commitment to the principles we help our users implement, showcasing how we "practice what we preach" in terms of information security and data protection.
The Trust Center is regularly updated to reflect the most current practices and policies, ensuring that our users always have access to the latest information. It's designed to be user-friendly, allowing visitors to easily navigate and find the specific information they need.
Key areas covered in the Trust Center include:
Transparency:
The Trust Center offers in-depth explanations of how ISMS Copilot assistants are trained.
It clarifies that confidential information, such as account details, personal data, and sensitive business information, is never used for training purposes.
The center explains that the goal of training our models is to create assistants knowledgeable about information security standards implementation.
Data Practices:
Clear information is provided on how user data is collected, processed, and stored.
The center outlines the types of data collected, including account information, user-provided data, and automatically collected data.
It details the processing activities for both the ISMS Policy Generator and ISMS Copilot Chatbots.
Security Measures:
The Trust Center outlines general security measures and specific security practices.
It explains the use of encryption for data in transit (SSL/TLS) and at rest (AWS AES-256).
Access controls are detailed, including the requirement for two-factor authentication (2FA) for all users.
User Rights:
Information on data subject rights under GDPR is provided, including the right to access, rectification, erasure, and data portability.
The center explains how users can exercise these rights and the expected response times.
Compliance:
Details on compliance with GDPR and CCPA are provided.
For EU users, it explains that data is hosted within the EU (Amsterdam and Sweden) to ensure GDPR compliance.
For US users, it mentions that appropriate safeguards are in place.
Updates:
The Trust Center commits to regular reviews and updates of data protection practices.
It mentions working with providers to implement granular data-related controls.
International Data Transfers:
Information is provided on how data transfers are handled for EU and US users, especially through Standard Contractual Clauses (SCCs).
By providing this level of detail and transparency, we aim to empower our users with the knowledge they need to make informed decisions about using our services.
The Trust Center reflects our dedication to maintaining the highest standards of data protection and security in all aspects of our operations.