ISMS Copilot Terms and Conditions

Last update: May 2024

ISMS POLICY GENERATOR TERMS OF SERVICE

This ToS applies to the Policy Generation service. It covers the ISMS Policy Generator and the Policy Generator Assistant. If you want to know about the ISO 27001 Copilot service (i.e., Risk assessment assistant and the ISO 27001 Copilot), please see the ISO 27001 Copilot Terms of Service.

1. Acceptance of Terms

Your use of ISMS Copilot’s services and products, including the website app.ismscopilot.com, is subject to the terms of a legal agreement between you and ISMS Copilot, a Better ISMS initiative.

2. User Obligations

Users are strictly prohibited from using the services for any illegal, inappropriate or dangerous activities. Misuse or exploitation of the services is not permitted. The service may be used by consultants on behalf of their clients, provided they have obtained the necessary permissions. Corporate users must obtain approval from their respective risk, security or compliance departments prior to using the service.

3. Prohibited Activities

Users are strictly prohibited from:

  • Attempting to hack, exploit, or otherwise compromise the security and functionality of ISMS Policy Generator’s services.
  • Trying to obtain system prompts, internal data, or the underlying knowledge base of the chatbots and services.
  • Engaging in activities that abuse or misuse the resources of the service, including but not limited to generating excessive load or performing actions that degrade the service performance.
  • Making the AI assistants perform any illegal actions or generate content that is unlawful or violates third-party rights.

4. Service Monitoring and Abuse Detection

We may read your inputs and assistant outputs solely for service monitoring and abuse detection. This process ensures the security and proper use of our services.

If admins observe the model responding in a wrong or misleading way, they will manually teach the model to perform better next time. This manual improvement process ensures that data about your company won’t be given to the model.

Your data is not used for any other purpose, and if accessed, it is done securely, following strict access control measures. Users should be aware that any attempt to use the services in a forbidden way can be detected and will result in appropriate actions.

5. Services

Our services rely on sub-processors and involve storing data on U.S. servers. We neither request nor require sensitive or confidential business data, and we are not responsible for the unauthorized transmission of such data. Our services operate on the principle of data minimization. Any personal information not requested should not be provided. When generating ISMS documents, provide roles, not people’s names.

6. Payment

Services are provided on a subscription purchase basis. Payment is processed through our Stripe plugin, which means we do not store any payment information; it is handled by Stripe.

7. Limitation of Liability

To the maximum extent permitted by law, ISMS Copilot shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to damages for loss of profits, goodwill, use, data, or other intangible losses resulting from the use of our services. 

Additionally, in no case does the use of ISMS Copilot tools guarantee that the Information Security Management System (ISMS) of the company will be compliant with ISO 27001. We do not guarantee that the use of the platform will result in ISO certification, and it should never be understood as such.

8. Data Collection and Use

For the ISMS Policy Generator, we collect company-related information such as the company name, company description, company country, company industry, and ISMS details.

This data is stored in our database, used for policy generation, and is part of the generated policy privately stored on Google Drive. Email addresses are collected for sending policies and processing payments, and are stored in our database. We ensure our practices are as GDPR-friendly as possible. Please refer to our Privacy Policy for more information.

The Policy AI Generator Assistant that comes with the subscription for the ISMS Policy Generator service follows the data collection and use measures described in the section “3. Data Management and User Consents” of the ISO 27001 Copilot terms of service, as this service is provided through the same third-party provider as the ISO 27001 Copilot.

9. Dispute Resolution

Any disputes arising out of these terms and your use of our services will be governed by the laws of France, without regard to its conflict of law provisions. You and ISMS Copilot agree to submit to the personal jurisdiction of the courts located within France.

10. Termination

ISMS Copilot reserves the right to terminate your access to our services at any time, for any reason. For subscription services, users may terminate their subscription at any time.

11. Refund Policy

Please refer to our Refund Policy for the conditions and process for requesting a refund. Refunds are handled by Stripe, so once we have requested the refund from Stripe, we are not liable for any delay in the delivery of the refund to your bank account (usually 5-10 days, according to Stripe policies).

If you request a refund on an annual plan, we’ll refund on a pro-rata basis.

12. Disclaimer Regarding ISO 27001 Certification

ISMS Policy Generator focuses on assisting users in generating tailored information security policies. While these policies are an integral part of the ISO 27001 certification process, users must understand that obtaining ISO 27001 certification involves comprehensive requirements beyond policy generation. These include, but are not limited to, the actual implementation of security controls, risk management procedures, and ongoing compliance activities.

The services provided by ISMS Policy Generator are designed to support part of the ISO 27001 certification process but do not guarantee certification success. The responsibility for meeting the full scope of ISO 27001 standards, including the effective implementation and maintenance of security controls and practices, rests with the user. ISMS Policy Generator makes no representation or warranty about the user’s ability to achieve ISO 27001 certification through the sole use of our services.

Users are encouraged to consult with qualified professionals and consider additional resources or services to fully comply with ISO 27001 standards and successfully complete the certification process.

13. Affiliate Links Disclosure

The ISMS Copilot platform may occasionally display affiliate links from partners to provide valuable resources aligned with our mission of empowering you on ISO 27001 implementation. Clicking these links and making a purchase may earn us a commission at no extra cost to you. These affiliate links are chosen based on their relevance and potential value. However, inclusion does not imply endorsement, and we encourage you to perform your own due diligence before making any purchase. This policy may be updated periodically, and continued use of our platform signifies acceptance of these changes.

14. Partner Programme

You’ll have access to the ISMS Copilot Partner Program, designed to reward users who refer new customers to our platform. By joining the Partner Program, you can earn a 20% commission on every sale made through your referral link.

Program Setup:

  • Our Partner Program is managed through PromoKit, providing an easy-to-use platform for tracking referrals and commissions.

Earnings:

  • Participants will earn a 20% commission on each sale.
  • Commission payments will cease if a referred customer cancels their subscription or service.

Eligibility and Conditions:

  • Only registered users of ISMS Copilot are eligible to join the Partner Program.
  • Commissions are subject to our standard payout schedule and may be adjusted in cases of refunds or chargebacks.

For more information and to join the Partner Program, visit the Partner Program Dashboard.

Termination of Participation:

  • ISMS Copilot reserves the right to terminate your participation in the Partner Program if we detect any fraudulent activity or breach of terms.

Changes to the Program:

  • ISMS Copilot may modify the terms of the Partner Program at any time, with changes effective upon posting on our website.

For any questions regarding the Partner Program, please contact our support team.


By participating in the Partner Program, you agree to these terms and conditions in addition to our general terms of service.

ISO 27001 COPILOT TERMS OF SERVICE

Last updated: 29/07/2024

Short version

Utilizing the ISO 27001 Copilot (and any other AI chat assistant within our platform) signifies acceptance of key terms: it’s a beta service with potential for change and error. Data management is through Chatbase.co, so their policies apply. If you are a consultant, ensure client consent for data use. Our ISO 27001 assistant aims for accuracy but can make mistakes, so verify for peace of mind.

We want to emphasize that our AI models are not automatically improved based on your data. Any training involves a manual process where selected, anonymized interactions may be used, ensuring no confidential information is included. Use of services implies agreeing with our licensing agreement.

Expect updates, including potential changes in service features and pricing. Joining beta without paying does not guarantee continuous free access. Only upgrading to the paid version, or to the Pro plan of our platform, guarantees continuous access to the ISO 27001 Copilot, as long as the user pays for it, of course.

Users are prohibited from attempting to hack, exploit, or misuse the service in any way. Monitoring is in place to detect and prevent such activities, with strict consequences for violations.

Introduction

Welcome to the ISO 27001 Copilot, powered by Chatbase.co. These Terms of Service (“Terms”) are a contract between you and us, outlining your use of the ISO 27001 Copilot service (“Service”). By accessing or using the Service, you confirm your agreement to these Terms.

1. Service Description

The ISO 27001 Copilot provides AI-driven guidance to support your understanding and implementation of ISO 27001 compliance efforts. It utilizes Chatbase.co’s AI technology to offer tailored advice based on the information you provide.

2. No Guarantee of Compliance

Utilizing the ISO 27001 Copilot does not ensure ISO 27001 compliance. The Service aims to assist in your compliance journey but cannot replace the need for a formal audit or the expertise of certified professionals in the field of information security management.

3. Data Management and User Consents

Data input and generated by the Service is managed by Chatbase.co. You are responsible for ensuring that you have all necessary rights and consents to use, input, and share data within the Service, particularly if you are acting on behalf of a third party or a client. Refer to Chatbase.co’s Privacy Policy for detailed information on their data handling practices.

4. Limitations of Service

The Service is provided on an “as is” basis without any warranties, express or implied. Decisions based on the Service’s output should be taken with caution, and it is recommended to seek advice from professionals certified in ISO 27001 for comprehensive risk assessments and compliance strategies.

5. Intellectual Property

All intellectual property related to the Service, excluding user-provided data, belongs to us or our licensors. You are granted a non-exclusive, revocable license to use the Service under these Terms.

6. Amendments to Terms

We reserve the right to modify these Terms at our discretion. Your continued use of the Service after such changes indicates your acceptance of the new Terms.

7. Governing Law

These Terms are governed by the laws of our jurisdiction.

8. Contact Information

For any inquiries regarding these Terms, please contact us via our contact form in the footer.

9. Prohibited Activities

Users are strictly prohibited from:

  • Attempting to hack, exploit, or otherwise compromise the security and functionality of the ISO 27001 Copilot.
  • Trying to obtain system prompts, internal data, or the underlying knowledge base of the chatbots and services without authorization.
  • Engaging in activities that abuse or misuse the resources of the service, including generating excessive load or performing actions that degrade the service performance.
  • Making the AI assistants perform any illegal actions or generate content that is unlawful or violates third-party rights.
  • Impersonating any person or entity or falsely stating or otherwise misrepresenting your affiliation with a person or entity.

10. Service Monitoring and Abuse Detection

To ensure the security and proper use of our services:

  • We may monitor user inputs and assistant outputs solely for the purposes of service monitoring and abuse detection.
  • If admins observe the model responding in a wrong or misleading way, they will manually teach the model to perform better next time. This manual improvement process ensures that data about your company won’t be given to the model.
  • Your data is not used for any other purpose, and if accessed, it is done securely, following strict access control measures. Users should be aware that any attempt to use the services in a forbidden way can be detected and will result in appropriate actions.

11. Sanctions for Policy Violations

Violations of these Terms may result in sanctions, including but not limited to:

  • Immediate suspension or termination of your access to our services without prior notice.
  • Initiation of legal action against you for any damages or losses incurred as a result of your violation.
  • Reporting of your activities to relevant law enforcement authorities if your actions are found to be unlawful.

By using the ISO 27001 Copilot, you agree to these Terms, recognizing the Service’s role as a support tool in your ISO 27001 compliance efforts and accepting responsibility for obtaining necessary consents for data use.

Updated on 29 July 2024