ISMS Copilot Trust Center
Our commitment to security, privacy, and compliance.
Security & Compliance
GDPR-by-design — built by a French (EU-headquartered) company
Data encrypted at rest (AES-256) and in transit (TLS 1.3)
SOC 2 Type II audit in progress
ISO 27001 aligned security management system
Regular penetration testing by independent third parties
No training on customer data — your data stays yours
EU data sovereignty
100% EU mode — Mistral (France) on Swedish infrastructure for AI inference
AWS Frankfurt and Amsterdam for storage — EU regions only when EU mode is on
No US-headquartered provider in the data path under EU mode — no Cloud Act exposure
Default for users signing up from Germany, France, and the Netherlands
One-click toggle on every plan, including the free trial — no enterprise contract needed
Documented in our DPA with a data flow diagram for auditors
Infrastructure & Operations
99.9% uptime SLA for Business customers
Automated backup and disaster recovery, EU regions only
Role-based access control (RBAC)
Comprehensive audit logging
Incident response plan with <24h notification
30-day default retention, configurable down to 0 days
