
                     Privacy Policy


ISO Nerd ("we," "us," or "our") respects the privacy of its users ("you" or "user"). This Privacy Policy outlines our practices regarding the collection, use, and disclosure of personal data when you use our application and services.


Last Updated: December 12th 2023

About Us

ISO Nerd is a UK Registered Company (No. 15104711), pioneering in the Governance Risk & Compliance SaaS landscape. Our vision is to revolutionize the way small, medium-sized, and large enterprises approach their Information Security Management Systems (ISMS). As the first in the market to integrate advanced AI capabilities into an ISMS SaaS solution, we are at the forefront of innovation, ensuring our services are not only accessible and affordable but also comprehensive and cutting-edge.

We are fully committed to complying with the provisions set forth by the General Data Protection Regulation (GDPR UK and GDPR EU). Our adherence to GDPR serves to uphold our dedication to data privacy and protection.

We are dedicated to handling your personal information lawfully, fairly, and in a transparent manner. Any personal data collected by ISO Nerd is processed for legitimate purposes, of which you are informed at the time of collection.

Our mission is to empower every company to enhance their security posture and achieve ISO 27001:2022 certification without incurring excessive costs. We are dedicated to making high-standard ISMS management attainable for all enterprises, championing the gold standard of ISO 27001, and contributing to a safer, more secure digital world.

In December 2023, ISO Nerd expanded its offerings, introducing modular solutions tailored for businesses seeking to leverage AI capabilities with sensitive data. This initiative marks a significant milestone in our journey, broadening our scope to cater to a diverse range of cybersecurity needs.

Personal Data

We collect personal information, such as your name, email address, job title, and department, when you create an account. This data is securely stored within your dedicated instance, a segregated environment designed to enhance data privacy and security.

Data Upload and Storage

At ISO Nerd, we provide a secure platform for users to upload their data. To ensure the highest level of data security and privacy, any data you choose to upload is segmented into your own isolated container. This approach guarantees that your data remains distinct and secure, accessible exclusively to you and authorized personnel.

Recognizing the importance of data residency for our clients, we offer you the flexibility to select your preferred Microsoft Data Centre region for data storage. As of March 2023, Microsoft Azure boasts an extensive global network of 160 active data centers spread across 60 regions. This extensive reach allows us to cater to your specific data residency needs, ensuring compliance with regional data protection laws and providing peace of mind regarding the security and locality of your data.

AI-Powered Services

Our application uses Microsoft Azure OpenAI services to analyze and query your uploaded data. These services are designed to enhance the functionality of our application. 

As per Microsoft’s Data, privacy, and security for Azure OpenAI Service:

Your prompts (inputs) and completions (outputs), your embeddings, and your training data:

  • are NOT available to other customers.

  • are NOT available to OpenAI.

  • are NOT used to improve OpenAI models.

  • are NOT used to improve any Microsoft or 3rd party products or services.

  • are NOT used for automatically improving Azure OpenAI models for your use in your resource.

The Azure OpenAI Service is fully controlled by Microsoft; Microsoft hosts the OpenAI models in Microsoft’s Azure environment and the Service does NOT interact with any services operated by OpenAI (e.g. ChatGPT, or the OpenAI API).


Data Retention

At ISO Nerd, we follow a user-centric approach to data retention. While we retain your personal information and the data you upload as long as your account remains active or as necessary to provide our services, you have complete control over your data.

As the administrator of your dedicated application instance, you have the autonomy to manage your account and data. This includes the ability to delete accounts and any associated data at your discretion.

In line with our commitment to data security and to facilitate potential data recovery needs, backups of your data are maintained for a period of 30 days. After this period, backups are automatically and securely deleted, consistent with our data protection and privacy standards.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information with third parties only when necessary to provide our services or if required by law.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We will notify you of any changes by updating the policy on this page.

Contact Information

For any questions about this Privacy Policy, please contact us at
