The service AI use EU AI Act Liability Your obligations Termination Governing law Contact

The service

Aileth is a software-as-a-service platform for ISO 27001:2022 compliance gap analysis. The service analyses your uploaded compliance documentation against the acceptance criteria for each of the 93 Annex A controls and returns per-criterion verdicts (PRESENT, PARTIAL, or MISSING) with supporting reasoning.

Aileth is operated by:

OperatorAileth
LocationApeldoorn, Netherlands
Emailinfo@aileth.eu

By using the Aileth platform, you agree to these terms. If you do not agree, do not use the service.

How AI is used

Aileth uses a language model (LLM) as part of its document analysis pipeline. The model receives short fragments of your uploaded documentation — selected by semantic relevance to a specific ISO 27001 control — and returns a structured assessment against predefined acceptance criteria.

Which AI

The language model runs on Scaleway's EU-hosted generative AI infrastructure (Paris, France). This is a small, open model — not a US-based commercial AI provider. Your data is never sent to OpenAI, Microsoft Azure OpenAI, Google, or Anthropic. The model is not trained on your data.

  • EU-only processing — model inference runs in Paris, France
  • No US cloud — not subject to the US CLOUD Act
  • No training on your data — your documents do not influence the model
  • Minimal data exposure — only short, semantically-relevant fragments are sent per inference call, not full documents

What the AI output means

AI assessments are analytical support. They indicate whether your uploaded documentation contains evidence relevant to a given control's acceptance criteria. They are not:

  • a formal audit opinion
  • a certification or attestation of compliance
  • legal or professional advice
  • a guarantee of passing an ISO 27001 certification audit

The final compliance determination in any audit or certification context rests with the qualified professional conducting that process.

EU AI Act compliance

Aileth complies with Regulation (EU) 2024/1689 (the EU Artificial Intelligence Act).

Risk classification

Aileth's AI system is classified as minimal risk under the EU AI Act. ISO 27001 compliance gap analysis is a B2B advisory service; it does not make binding decisions affecting individuals' rights, access to essential services, employment, law enforcement, or any other high-risk category listed in Annex III of the Regulation.

Transparency (Article 50)

In accordance with Article 50, Aileth discloses AI use within the application interface. All AI-generated assessments are labelled as such. Users are informed that assessments are produced by a language model and require review by a qualified professional before use in a formal compliance determination.

AI transparency notice — as displayed in the application
"This service uses a small language model (LLM) running on a European cloud platform for text analysis and normalisation. Consult a certified auditor for a definitive compliance determination."

GPAI model obligations

Obligations relating to general-purpose AI models under Title VIII of the AI Act apply to the model provider (Scaleway / the upstream model licensor). Aileth is a deployer, not a provider of a general-purpose AI model, and does not place such a model on the market.

Limitation of liability

Aileth is provided as an analytical tool to support compliance work. It is not a substitute for professional audit services, legal advice, or formal certification processes.

To the maximum extent permitted by applicable law, Aileth is not liable for:

  • any compliance gap assessment that is inaccurate, incomplete, or misleading
  • decisions made on the basis of Aileth assessments without independent professional review
  • failure to obtain ISO 27001 certification or any other certification outcome
  • any regulatory finding, penalty, or enforcement action relating to your information security posture
  • loss of data due to circumstances outside Aileth's reasonable control

Where liability cannot be excluded by law, Aileth's total liability is limited to the amount paid by you for the service in the three months preceding the event giving rise to the claim.

Your obligations

By using Aileth you agree to:

  • Use the platform for your own organisation only — the service may not be used to conduct gap analyses on behalf of third parties, offered as part of a managed service, or resold in any form. Organisations wishing to use Aileth for client work should contact info@aileth.eu to discuss appropriate arrangements
  • Use the platform for legitimate compliance work — not for testing, benchmarking against competitors, or systematic extraction of the platform's analytical logic
  • Comply with applicable law — including any obligations your organisation has relating to the use of AI systems in your sector or jurisdiction
  • Not upload content you are not authorised to process — including documents belonging to third parties without appropriate authorisation
  • Review AI assessments before relying on them — do not use Aileth output as a direct substitute for professional audit judgement
  • Maintain your encryption recovery key — Aileth cannot recover access to your data if you lose it

Fair use of the platform's AI processing capacity is governed by the fair use policy in the Privacy & Data Policy.

Termination

Termination by Aileth for breach

Aileth may terminate or suspend an account with immediate effect, without prior notice, if the account holder breaches these terms. Grounds for immediate termination include but are not limited to: submitting abusive, manifestly unfounded, or automated data subject requests; systematic abuse of AI processing capacity; or any other use that is harmful to the service or other users.

Termination for breach does not entitle the account holder to a refund of any subscription fees paid, whether for the current period or any unused portion thereof.

Data following termination

Upon termination, all data associated with the account — including uploaded documents, analysis results, and account credentials — is permanently deleted. This deletion constitutes fulfilment of any outstanding right-to-erasure request under GDPR and ends Aileth's obligation to respond to further data subject requests from that account.

Re-registration after termination for cause

An account holder whose account was terminated for breach of these terms may not re-register for the service without prior written consent from Aileth. Re-registering without such consent — including under a different name, email address, or company — constitutes a breach of these terms from the moment of registration and may result in immediate termination of the new account without refund.

Although operational data (documents, analysis results) is deleted upon account termination, Aileth retains financial and invoicing records for 7 years as required by Dutch law. These records (name, email address, company, payment history) constitute sufficient basis to identify and decline re-registration attempts from previously terminated accounts.

Governing law & changes

These terms are governed by the laws of the Netherlands. Any disputes are subject to the exclusive jurisdiction of the competent courts in the Netherlands, unless mandatory consumer protection law in your country of residence provides otherwise.

Aileth may update these terms from time to time. Material changes will be communicated to active subscribers at least 30 days in advance. Continued use of the service after the effective date constitutes acceptance of the updated terms.

Contact

For questions about these terms:

Generalinfo@aileth.eu
Privacy & dataprivacy@aileth.eu

For data protection and privacy matters, see the full Privacy & Data Policy.