Overview
This FAQ answers the most common questions about ISMS Copilot. Find quick answers on features, pricing, data privacy, AI capabilities, and more to help you get the most out of your compliance assistant.
Who This Is For
This FAQ is for:
New users getting started with ISMS Copilot
Organizations evaluating ISMS Copilot for compliance work
Compliance professionals seeking quick answers
Anyone with questions about features, security, or pricing
Getting Started
What is ISMS Copilot?
ISMS Copilot is a specialized AI assistant designed for information security compliance professionals. It provides expert guidance on frameworks like ISO 27001, SOC 2, GDPR, NIST, DORA, NIS2, and more. Unlike general AI tools, ISMS Copilot is trained on a proprietary library from hundreds of real-world compliance projects, ensuring practical, accurate advice.
Who should use ISMS Copilot?
ISMS Copilot is designed for:
Compliance consultants managing multiple clients
CISOs and security managers implementing frameworks
Auditors preparing for or conducting assessments
Solo practitioners handling ISO 27001, SOC 2, or GDPR projects
Enterprise security teams maintaining compliance programs
How do I get started?
Getting started is simple:
Create an account with email, Google, or Microsoft
Start your first conversation by asking a compliance question
Explore features like file upload, workspaces, and personas
The free plan lets you explore core features before upgrading.
What compliance frameworks does ISMS Copilot support?
ISMS Copilot has expertise in:
ISO 27001:2022 - Information Security Management System
SOC 2 - Service Organization Control
PCI DSS - Payment Card Industry Data Security Standard
GDPR - General Data Protection Regulation
DORA - Digital Operational Resilience Act
NIS 2 - Network and Information Systems Directive
ISO 42001 - Artificial Intelligence Management System
EU AI Act - European Union Artificial Intelligence Regulations
NIST Cybersecurity Framework
Features & Capabilities
What can ISMS Copilot help me with?
ISMS Copilot assists with:
Compliance guidance and framework interpretation
Policy and procedure generation
Risk assessment and gap analysis
Audit preparation and readiness
Document analysis and compliance review
Framework mapping between standards
Control implementation guidance
What file types can I upload?
ISMS Copilot supports these file formats:
Documents: PDF, DOC, DOCX
Spreadsheets: XLS, XLSX
Data: CSV, JSON, TXT
Maximum file size is 10 MB per file. Upload files to get gap analysis, compliance reviews, or document-specific guidance.
Learn more about uploading and analyzing files.
What are Personas and how do they work?
Personas change how ISMS Copilot responds based on your role:
Default - Standard compliance assistance
Implementer - Focus on implementation and control deployment
Auditor - Focus on audit preparation and verification
Consultant - Strategic guidance and advisory perspective
Personas and workspaces are mutually exclusive—you can use one or the other, but not both simultaneously.
What are Workspaces and when should I use them?
Workspaces organize conversations by project, client, or framework. Each workspace maintains separate conversation history and can have custom instructions.
Use workspaces when:
Managing multiple compliance projects
Working with different clients (consultants)
Separating work by framework (ISO 27001 vs. SOC 2)
Isolating department-specific compliance work
Compliance consultants should create separate workspaces for each client to keep data isolated and meet confidentiality requirements.
Learn how to organize work with workspaces.
Can I edit or delete messages after sending them?
No. Once sent, messages cannot be edited or deleted. This is by design to maintain conversation integrity and audit trails.
Check your message carefully before clicking Send. Once submitted, messages are permanent.
How many files can I upload at once?
You can upload one file per message. To analyze multiple files, upload them in separate messages within the same conversation thread.
Pricing & Plans
How much does ISMS Copilot cost?
ISMS Copilot offers two plans:
Free Plan: $0/month - Limited daily messages, basic features
Plus Plan: $20/month or $240/year - Unlimited messages, advanced features
Compare plans and see full pricing details.
Is there a free trial?
The Free plan serves as an unlimited trial—use ISMS Copilot indefinitely with limited features at no cost. Upgrade to Plus anytime for unlimited access.
What's included in the Free plan?
The Free plan includes:
AI compliance assistance
Limited daily messages
Basic file uploads (limited quota)
Workspace creation
Access to all frameworks
30-day default data retention
What additional features do I get with Plus?
Plus plan benefits:
Unlimited daily messages - No conversation limits
Increased file uploads - Higher monthly quota
Custom data retention - Keep conversations for 1 day to 7 years
Priority support - Faster response times
Advanced document generation - Enhanced capabilities
Can I cancel my subscription anytime?
Yes. Plus subscribers can cancel anytime with no penalties. Your access continues until the end of your billing period, then you revert to the Free plan.
Do you offer team or enterprise plans?
Team collaboration features are coming soon in the Pro Unlimited plan. Contact support for early access or enterprise inquiries.
Data Privacy & Security
Where is my data stored?
All ISMS Copilot database storage is in the European Union (AWS Frankfurt, Germany). Your conversation history, uploaded files, and account data remain in EU data centers.
Is my data used to train AI models?
No. ISMS Copilot never uses your conversations or uploaded documents to train AI models. Your compliance data remains completely confidential.
This is a critical difference from general AI tools like ChatGPT free tier, which may use conversations for training. ISMS Copilot guarantees your data stays private.
Is ISMS Copilot GDPR compliant?
Yes. ISMS Copilot is fully GDPR compliant with:
EU data storage (Frankfurt, Germany)
End-to-end encryption
No AI training on user data
User-controlled data retention
Right to access, export, and delete data
Read the complete GDPR compliance documentation.
What is Advanced Data Protection Mode?
Advanced Data Protection Mode keeps 100% of your AI processing in the EU with zero data retention by AI providers.
Two modes available:
Default (OFF): xAI/OpenAI process conversations in the US with 30-day retention
Advanced Data Protection (ON): Mistral AI processes conversations in the EU with zero retention
Enable when you need:
Mandatory EU data residency
Zero AI provider data retention
Maximum privacy for sensitive compliance work
Learn how to enable Advanced Data Protection Mode.
How long is my data retained?
Data retention depends on your plan and settings:
Free plan: 30-day default retention
Plus plan: Configurable from 1 day to 7 years, or keep indefinitely
Conversations older than your retention period are automatically deleted daily.
How secure is ISMS Copilot?
ISMS Copilot implements enterprise-grade security:
End-to-end encryption for all data
Row-level database security
Workspace isolation prevents data mixing
OAuth authentication support
EU data residency (Frankfurt)
Regular security audits
Read the complete security documentation.
Can I export my data?
Yes. You have the right to data portability under GDPR. Contact support to request a complete data export in JSON format, including:
Account information
Conversation history
Workspace configurations
File metadata
Exports are typically provided within 72 hours.
How do I delete my account?
To delete your account and all data:
Click the user menu (top right) → Help Center → Contact Support
Submit a data deletion request
Support will verify your identity and confirm
All data is permanently deleted within 30 days
Account deletion is permanent and cannot be undone. Export any needed data before requesting deletion.
AI Accuracy & Reliability
How accurate is ISMS Copilot?
ISMS Copilot is trained on a proprietary library from hundreds of real-world compliance projects, making it more accurate for compliance topics than general AI tools. However, like all AI systems, it can make mistakes.
Always verify AI-generated content, especially for critical compliance decisions, audits, or regulatory submissions. Cross-reference with official standards and consult qualified professionals.
What are AI hallucinations?
AI hallucinations occur when the AI generates confident-sounding but factually incorrect information. ISMS Copilot minimizes hallucinations through specialized training and explicit uncertainty acknowledgment, but verification remains essential.
Learn how to identify and prevent AI hallucinations.
Should I trust ISMS Copilot's compliance advice?
Use ISMS Copilot as an expert starting point, not a final authority. Best practice workflow:
Generate initial drafts with ISMS Copilot
Review for accuracy and completeness
Customize to your organizational context
Cross-reference with official standards
Have a qualified professional approve final content
Does ISMS Copilot replace compliance consultants?
No. ISMS Copilot accelerates routine tasks like policy drafting and gap analysis, but it does not replace human expertise. Use it to augment professional judgment, not substitute for it.
Think of ISMS Copilot as a junior consultant that provides first drafts requiring expert review and customization.
Can I use ISMS Copilot-generated content in audits?
Yes, but only after proper review and customization. AI-generated policies and procedures must be:
Adapted to your organizational context
Reviewed by qualified compliance professionals
Implemented and enforced (not just template-filled)
Cross-referenced with official standards
Auditors look for evidence of genuine adoption beyond generic templates.
How do I report incorrect information?
If you identify a hallucination or error:
Document the issue (your question, AI response, what was incorrect)
Contact support through Help Center
Include "Hallucination Report" in the subject line
Provide the correct information with sources
Your feedback helps improve accuracy for the entire community.
Using ISMS Copilot
How do I get better responses from ISMS Copilot?
Provide specific context in your questions:
Your organization size and industry
Specific framework version (ISO 27001:2022, not just "ISO 27001")
Current maturity level of your ISMS
Specific control or requirement you're addressing
Example: "We're a 50-person SaaS company implementing ISO 27001:2022 for the first time. What are the key steps to implement access control policies for Annex A control 5.15?"
Can I upload multiple documents to compare them?
Upload files in separate messages within the same conversation. ISMS Copilot maintains conversation context, so it can reference all previously uploaded files.
How do I save or export a conversation?
All conversations are automatically saved to your history. To export:
Copy and paste the conversation text
Take screenshots for records
Request a full data export from support (includes all conversations)
Can I share conversations with colleagues?
Currently, there's no built-in sharing feature. Copy conversation text or screenshots to share externally. Team collaboration features are coming in future updates.
How do I delete a workspace?
Workspace deletion is available through the workspace management interface. Deleting a workspace permanently removes all associated conversations and settings.
Workspace deletion cannot be undone. Export any needed conversations before deleting a workspace.
Account Management
How do I change my email address?
Contact support through the Help Center to request an email address change. Support will verify your identity and update your account.
How do I update my password?
If you signed up with email and password:
Sign out of ISMS Copilot
Click "Forgot Password" on the login screen
Follow the password reset instructions sent to your email
If you use Google or Microsoft authentication, manage your password through those providers.
How do I enable two-factor authentication (2FA)?
2FA is managed through your authentication provider:
Google or Microsoft accounts: Configure through your Google/Microsoft account settings
Email/password accounts: 2FA features are coming soon
Can I use ISMS Copilot on mobile devices?
Yes. ISMS Copilot is web-based and works on mobile browsers. For the best experience, use the latest version of Chrome, Safari, or Edge on your mobile device.
Technical & Troubleshooting
Why am I getting rate limit errors?
Free plan users have daily message limits. If you hit the limit:
Wait until the next day for the limit to reset
Upgrade to Plus for unlimited daily messages
Why did my file upload fail?
Common file upload issues:
File too large: Maximum 10 MB per file
Unsupported format: Only PDF, DOC, DOCX, XLS, XLSX, CSV, JSON, TXT supported
Network issue: Check internet connection and retry
Upload quota exceeded: Wait for quota reset or upgrade to Plus
See full troubleshooting guide.
Why can't I see my conversation history?
Check that:
You're logged into the correct account
You're viewing the correct workspace
Conversations haven't exceeded your retention period
Your browser isn't blocking storage
If conversations are missing, contact support immediately.
The AI is taking a long time to respond. What should I do?
Processing times vary based on:
Complexity of your question
Size of uploaded files
Current system load
Most responses arrive within 10-30 seconds. If processing exceeds 5 minutes, refresh the page and try again. Contact support if issues persist.
What browsers are supported?
ISMS Copilot works best on:
Chrome (latest version)
Firefox (latest version)
Safari (latest version)
Edge (latest version)
For optimal performance, keep your browser updated.
Billing & Payments
What payment methods do you accept?
ISMS Copilot accepts:
Credit cards (Visa, Mastercard, American Express)
Debit cards
Bank transfers (for annual plans)
All payments are processed securely through Stripe.
How do I update my payment method?
Click user menu (top right) → Manage Subscription
This opens the Stripe customer portal
Go to Payment Methods
Update your card or payment details
Where can I find my invoices?
Open Manage Subscription (Stripe portal)
Navigate to Invoices section
Download or view past invoices
What happens if my payment fails?
If a payment fails:
You'll receive an email notification
Update your payment method in the Stripe portal
Stripe will automatically retry the payment
Service may be interrupted if payment remains unsuccessful
Do you offer refunds?
Contact support to discuss refund requests. Refund policies are evaluated case-by-case based on usage and circumstances.
Compliance & Legal
Is ISMS Copilot affiliated with ISO or other standards bodies?
No. ISMS Copilot is an independent software tool. It is not affiliated with, endorsed by, or officially recognized by ISO, AICPA (SOC 2), or other standards organizations.
Can I include ISMS Copilot in my GDPR compliance documentation?
Yes. Organizations using ISMS Copilot should:
Document ISMS Copilot in your Register of Processing Activities
Include in Data Protection Impact Assessments (if processing sensitive data)
Review our Register of Processing Activities for reference
Add ISMS Copilot to your data processing agreements if handling client data
Where can I find your Data Processing Agreement (DPA)?
ISMS Copilot provides a standard DPA for customers processing personal data. Review the DPA here.
Do you have a Privacy Policy and Terms of Service?
Yes. Review our:
Integration & Compatibility
Does ISMS Copilot integrate with GRC platforms?
ISMS Copilot works alongside GRC platforms like Vanta, Drata, Sprinto, and Scrut. Use ISMS Copilot for AI-powered guidance while managing evidence and workflows in your GRC platform.
Learn how to use ISMS Copilot with:
Can I use ISMS Copilot offline?
No. ISMS Copilot is a cloud-based service that requires an internet connection to access AI processing and your conversation history.
Is there an API available?
API access is planned for future releases. Contact support to express interest and be notified when API access becomes available.
Comparison to Other Tools
How is ISMS Copilot different from ChatGPT?
Key differences:
Specialized training: ISMS Copilot trained on real compliance projects vs. general internet content
Data privacy: Never uses your data for AI training (ChatGPT free tier may)
Compliance focus: Purpose-built for ISMS work vs. general-purpose tool
EU data residency: Database storage in EU vs. US-based
Lower hallucination risk: For compliance topics
Read the full ISMS Copilot vs ChatGPT comparison.
Should I use ISMS Copilot or hire a consultant?
Use both. ISMS Copilot accelerates routine compliance work, while consultants provide strategic expertise and audit readiness. Many consultants use ISMS Copilot to improve efficiency.
Learn when to choose a GRC platform, consultant, or both.
Getting Help
How do I contact support?
Access support through:
Click user menu (top right) → Help Center
Submit a support ticket through the form
Include detailed description of your issue
Plus subscribers receive priority support with faster response times.
What support response times can I expect?
Free plan: Community support, best-effort response
Plus plan: Priority support, typically within 24-48 hours
Is there a community forum?
Community features are in development. Check back soon for updates on user forums and collaboration spaces.
What's Next
Welcome to ISMS Copilot - Platform overview
ISMS Copilot User Guide - Complete documentation
Create your account and get started
Review subscription plans and upgrade
Still Have Questions?
If your question isn't answered here:
Search the User Guide for detailed documentation
Check the Troubleshooting Guide for technical issues
Contact support through the Help Center menu
Visit the Trust Center for security and compliance details