Last update: May 2024
ISMS POLICY GENERATOR TERMS OF SERVICE
This ToS applies to the Policy Generation service. It covers the ISMS Policy Generator. If you want to know about the ISMS Copilot AI assistants, please see the ISMS Copilot Terms of Service.
1. Acceptance of Terms
Your use of ISMS Copilot’s services and products, including the website app.ismscopilot.com, is subject to the terms of a legal agreement between you and ISMS Copilot, a Better ISMS initiative.
2. User Obligations
Users are strictly prohibited from using the services for any illegal, inappropriate or dangerous activities. Misuse or exploitation of the services is not permitted. The service may be used by consultants on behalf of their clients, provided they have obtained the necessary permissions. Corporate users must obtain approval from their respective risk, security or compliance departments prior to using the service.
3. Prohibited Activities
Users are strictly prohibited from:
- Attempting to hack, exploit, or otherwise compromise the security and functionality of ISMS Policy Generator’s services.
- Trying to obtain system prompts, internal data, or the underlying knowledge base of the chatbots and services.
- Engaging in activities that abuse or misuse the resources of the service, including but not limited to generating excessive load or performing actions that degrade the service performance.
- Making the AI assistants perform any illegal actions or generate content that is unlawful or violates third-party rights.
4. Service Monitoring and Abuse Detection
We may read your inputs and assistant outputs solely for service monitoring and abuse detection. This process ensures the security and proper use of our services.
If admins observe the model responding in a wrong or misleading way, they will manually teach the model to perform better next time. This manual improvement process ensures that data about your company won’t be given to the model.
Your data is not used for any other purpose, and if accessed, it is done securely, following strict access control measures. Users should be aware that any attempt to use the services in a forbidden way can be detected and will result in appropriate actions.
5. Services
Our services rely on sub-processors and involve storing data in U.S. servers. We do not request nor require sensitive or confidential business data, and we are not responsible for the unauthorized transmission of such data. Our services operate on the principle of data minimization. Any personal information not requested should not be provided. When generating ISMS documents, provide roles, not people’s names.
6. Payment
Services are provided on a subscription purchase basis. Payment is processed through our Stripe plugin, which means we do not store any payment information; it is handled by Stripe.
7. Limitation of Liability
To the maximum extent permitted by law, ISMS Copilot shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to damages for loss of profits, goodwill, use, data, or other intangible losses resulting from the use of our services.
Additionally, in no case does the use of ISMS Copilot tools guarantee that the Information Security Management System (ISMS) of the company will be compliant with ISO 27001. We do not guarantee that the use of the platform will result in ISO certification, and it should never be understood as such.
8. Data Collection and Use
For the ISMS Policy Generator, we collect company-related information such as the company name, company description, company country, and company industry, as well as ISMS details.
This data is stored in our database, used for policy generation, and is part of the generated policy privately stored on Google Drive. Email addresses are collected for sending policies and processing payments, and are stored in our database. We ensure our practices are as GDPR-friendly as possible. Please refer to our Privacy Policy for more information.
The Policy AI Generator Assistant that comes with the subscription for the ISMS Policy Generator service follows the data collection and use measures described in the section “3. Data Management and User Consents” of the ISO 27001 Copilot terms of service, as this service is provided through the same third-party provider as the ISO 27001 Copilot.
9. Dispute Resolution
Any disputes arising out of these terms and your use of our services will be governed by the laws of France, without regard to its conflict of law provisions. You and ISMS Copilot agree to submit to the personal jurisdiction of the courts located within France.
10. Termination
ISMS Copilot reserves the right to terminate your access to our services at any time, for any reason. For subscription services, users may terminate their subscription at any time.
11. Refund Policy
Please refer to our Refund Policy for the conditions and process for requesting a refund. Refunds are handled by Stripe, so once we have requested the refund from Stripe, we’re not liable for any delay in the delivery of the refund to your bank account (usually 5-10 days, according to Stripe policies).
If you request a refund on an annual plan, we’ll refund on a pro-rata basis.
12. Disclaimer Regarding ISO 27001 Certification
ISMS Policy Generator focuses on assisting users in generating tailored information security policies. While these policies are an integral part of the ISO 27001 certification process, users must understand that obtaining ISO 27001 certification involves comprehensive requirements beyond policy generation. These include, but are not limited to, the actual implementation of security controls, risk management procedures, and ongoing compliance activities.
The services provided by ISMS Policy Generator are designed to support part of the ISO 27001 certification process but do not guarantee certification success. The responsibility for meeting the full scope of ISO 27001 standards, including the effective implementation and maintenance of security controls and practices, rests with the user. ISMS Policy Generator makes no representation or warranty about the user’s ability to achieve ISO 27001 certification through the sole use of our services.
Users are encouraged to consult with qualified professionals and consider additional resources or services to fully comply with ISO 27001 standards and successfully complete the certification process.
13. Affiliate Links Disclosure
The ISMS Copilot platform may occasionally display affiliate links from partners to provide valuable resources aligned with our mission of empowering you on ISO 27001 implementation. Clicking these links and making a purchase may earn us a commission at no extra cost to you. These affiliate links are chosen based on their relevance and potential value. However, inclusion does not imply endorsement, and we encourage you to perform your own due diligence before making any purchase. This policy may be updated periodically, and continued use of our platform signifies acceptance of these changes.
14. Partner Programme
You’ll have access to the ISMS Copilot Partner Program, designed to reward users who refer new customers to our platform. By joining the Partner Program, you can earn a 20% commission on every sale made through your referral link.
Program Setup:
- Our Partner Program is managed through PromoKit, providing an easy-to-use platform for tracking referrals and commissions.
Earnings:
- Participants will earn a 20% commission on each sale.
- Commission payments will cease if a referred customer cancels their subscription or service.
Eligibility and Conditions:
- Only registered users of ISMS Copilot are eligible to join the Partner Program.
- Commissions are subject to our standard payout schedule and may be adjusted in cases of refunds or chargebacks.
For more information and to join the Partner Program, visit Partner Program Dashboard.
Termination of Participation:
- ISMS Copilot reserves the right to terminate your participation in the Partner Program if we detect any fraudulent activity or breach of terms.
Changes to the Program:
- ISMS Copilot may modify the terms of the Partner Program at any time, with changes effective upon posting on our website.
For any questions regarding the Partner Program, please contact our support team.
By participating in the Partner Program, you agree to these terms and conditions in addition to our general terms of service.
ISMS COPILOT TERMS OF SERVICE
Last updated: 29/07/2024
Short Version
Utilizing ISMS Copilot (and any other AI assistant within our platform) signifies acceptance of key terms: it’s a service subject to change and potential errors, including AI-driven inaccuracies or hallucinations. Conversation data management is conducted through subprocessors, and their policies apply. If you are a consultant, ensure you obtain client consent for data use. While our AI assistants strive for accuracy, errors or hallucinations are unavoidable, and all outputs should be reviewed for critical decisions. We are not responsible for any damages caused by the outputs of our AI assistants.
We do not automatically improve AI models based on your data. If any training occurs, it involves a manual process using anonymized, non-confidential interactions. By using ISMS Copilot, you agree to our licensing terms.
Expect potential updates, including changes to service features and pricing. Participation in beta does not guarantee free access. Upgrading to a paid plan is required for continuous and full access, as long as the service fees are paid on time.
Users are prohibited from hacking, exploiting, or misusing the service in any way. Monitoring is in place to detect such activities, with strict consequences for violations, including termination of service access.
Introduction
These Terms of Service (“Terms”) are a contract between you and us, outlining your use of the ISMS Copilot service (“Service”). By accessing or using the Service, you confirm your agreement to these Terms.
1. Service Description
ISMS Copilot provides AI-driven guidance to assist in understanding and implementing ISO 27001 and other compliance efforts. It utilizes AI technology to offer tailored responses based on the information provided.
2. No Guarantee of Compliance
Using ISMS Copilot does not ensure ISO 27001 compliance or any other standard compliance. The Service is a tool to assist in your journey, but it is not a replacement for formal audits or the advice of certified professionals.
3. Data Management and User Consents
Conversation data input into the Service is managed by subprocessors. It is your responsibility to ensure you have obtained all necessary rights and consents to input data into the Service, especially if you act on behalf of a client or third party.
4. Limitations of Service and Liability
The Service is provided “as is,” without warranties of any kind. Outputs generated by the AI assistants, including advice or recommendations, should be reviewed thoroughly before any action is taken. Hallucinations (errors or inaccuracies in AI responses) are an inherent part of the technology. As such, we disclaim any liability for damages or losses caused by the reliance on or use of the Service’s outputs.
In no event shall ISMS Copilot or its affiliates be liable for any indirect, incidental, punitive, or consequential damages arising from your use of the Service. It is your responsibility to verify and validate the information provided by the AI assistants.
5. Right to Terminate
We reserve the right to terminate your access to the Service at any time, with or without cause or prior notice, including for violations of these Terms, misuse of the platform, or at our sole discretion. While we aim to provide a clear reason for termination, the right to terminate remains with ISMS Copilot and may be exercised in cases deemed appropriate for maintaining the integrity and security of our services.
6. Intellectual Property
All intellectual property related to the Service, excluding user-provided data, belongs to us or our licensors. You are granted a limited, non-exclusive, and revocable license to use the Service under these Terms.
7. Amendments to Terms
We reserve the right to modify these Terms at any time. Continued use of the Service after such modifications constitutes acceptance of the updated Terms.
8. Governing Law
These Terms are governed by the laws of the jurisdiction in which ISMS Copilot operates. Any legal action or proceedings related to the Terms shall be brought in the courts of this jurisdiction.
9. Prohibited Activities
Users are strictly prohibited from:
- Hacking, exploiting, or attempting to compromise the security and functionality of ISMS Copilot.
- Accessing system prompts, internal data, or underlying knowledge bases without authorization.
- Abusing the Service, including generating excessive load or actions that degrade performance.
- Instructing AI assistants to perform illegal or unlawful activities.
- Misrepresenting your identity or affiliation with a person or entity.
10. Monitoring and Abuse Detection
For the security and integrity of our services, we may monitor inputs and outputs solely for service maintenance and abuse detection. No personal or confidential data is used to improve AI models unless anonymized and selected through a manual process. Any misuse of the service will be addressed, and appropriate actions will be taken, including service suspension.
11. Sanctions for Policy Violations
Violations of these Terms may result in immediate suspension or termination of access to the Service without prior notice. We may also pursue legal action for damages or report unlawful activities to relevant authorities.
By using ISMS Copilot, you agree to these Terms and accept full responsibility for verifying the AI outputs and ensuring necessary consents for data usage.
12. Data Retention and Deletion
ISMS Copilot offers features such as temporary chats, which are designed to automatically delete data after 30 days. While we strive to manage data securely, we do not guarantee the deletion of data owned or controlled by third-party services, such as Chatbase.co. Data submitted to such third parties is subject to their retention and deletion policies, over which ISMS Copilot has no control.
By using the Service, you acknowledge that ISMS Copilot cannot be held liable for any issues arising from third-party data retention or deletion practices. It is your responsibility to review the data policies of these third-party providers and ensure compliance with your organization’s requirements.
We make reasonable efforts to maintain the integrity of our systems and services, but we cannot guarantee the complete deletion of data stored by third parties.