Register of Processing Activities (RoPA)
The Register of Processing Activities (RoPA) documents all personal data processing activities carried out by ISMS Copilot in compliance with GDPR Article 30. It serves as the authoritative record of how data is collected, processed, stored, and protected.
Key Points
9 processing activities documented: User authentication, AI chat processing, content moderation, file uploads, payments, analytics, infrastructure, email communications, and Slack integration.
Complete sub-processor list: Includes all third-party processors with locations, retention periods, and DPA status — maintained and updated on the Trust Center.
AI routing by plan and setting: Routing function
selectChatModel(adpEnabled, userPlan)determines whether you use Mistral (EU, zero retention), Anthropic (paid, US), or OpenRouter (free, US via vetted providers).Content moderation always Mistral: All chat messages are screened by Mistral's moderation API regardless of your AI provider setting — flagged metadata retained for 12 months.
User-controlled retention: Conversation history retention (1 day to 7 years) configured in Settings → Data Protection.
Canonical Document
For the complete Register of Processing Activities including all processing activities, sub-processor details, technical and organizational measures, and data subject rights procedures, visit our Trust Center:
View the Register of Processing Activities on the Trust Center →
This is the authoritative source for all processing records, sub-processor information, and GDPR compliance documentation.