The Ishtar AI Trust Center provides centralized access to security documentation, compliance information, and trust resources for enterprise customers and security teams.

Security One-Pager

Executive summary of Ishtar AI's security posture, key certifications and alignments, and security contact information.

Updated: January 2025

AI/Model Risk Overview

Comprehensive overview of how we evaluate, monitor, and gate AI model releases to ensure reliability and safety.

Model Evaluation Methodology

  • Groundedness Testing: Automated evaluation of response accuracy and citation quality
  • Citation Accuracy: Verification that citations match the claims made
  • Refusal Behavior: Testing appropriate refusal of out-of-scope or unsafe requests
  • Bias Detection: Evaluation for bias in outputs across demographic groups

Monitoring and Alerting

  • Real-time monitoring of model performance metrics
  • Automated alerts for performance degradation
  • Anomaly detection for unusual patterns
  • Customer-facing dashboards for transparency

Release Gating Process

  • All model updates require evaluation baseline comparison
  • Automated regression testing before deployment
  • Human review for significant changes
  • Gradual rollout with automatic rollback on issues

Risk Assessment Framework

  • Risk scoring for each model deployment
  • Impact assessment for different failure modes
  • Mitigation strategies for identified risks
  • Regular risk reviews and updates

Data Processing Addendum (DPA)

Our standard Data Processing Addendum is available for customers who require GDPR, CCPA, or other data protection compliance.

DPA Availability

We provide a standard DPA that covers:

  • Data processing purposes and legal basis
  • Data subject rights (access, rectification, erasure, portability)
  • Data breach notification procedures
  • Subprocessor management and notification
  • Data retention and deletion requirements
  • International data transfers (Standard Contractual Clauses)

How to Request a DPA

To request a DPA:

  1. Contact your Ishtar AI account representative
  2. Or email legal@ishtar-ai.com
  3. We will provide the standard DPA within 5 business days
  4. Custom terms can be negotiated for enterprise agreements

Standard Terms Overview

Our DPA includes standard terms aligned with GDPR Article 28 requirements:

  • Processing only on documented instructions
  • Confidentiality obligations
  • Security measures (as detailed in our Security & Compliance page)
  • Subprocessor engagement procedures
  • Data subject rights assistance
  • Data breach notification (within 72 hours)
  • Deletion or return of data upon termination
  • Audit rights and compliance assistance

Subprocessors List

Current list of subprocessors that may process customer data on behalf of Ishtar AI.

| Subprocessor | Purpose | Data Types | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and hosting | Application data, logs, backups | US, EU, Asia-Pacific (customer-selectable) |
| Microsoft Azure | Cloud infrastructure (alternative deployment) | Application data, logs, backups | US, EU, Asia-Pacific (customer-selectable) |
| Calendly | Meeting scheduling | Contact information, meeting metadata | US |

Subprocessor Notification Process

We maintain a current list of subprocessors and notify customers of any changes:

  • Advance Notice: 30 days advance notice for new subprocessors
  • Notification Method: Email to designated security contacts
  • Objection Rights: Customers may object to new subprocessors with reasonable grounds
  • Updates: This list is updated quarterly or as changes occur

Last Updated: January 2025

Status & Incident Communications

How we communicate service status and incidents to customers.

Status Page

We maintain a status page for real-time service availability and incident updates.

Incident Communication Policy

Our incident communication process ensures transparency and timely updates:

  • Immediate Notification: Customers are notified immediately of any security incident affecting their data
  • Regular Updates: Status updates provided every 4 hours during active incidents
  • Post-Incident Report: Detailed incident report within 30 days of resolution
  • Communication Channels: Email to designated contacts, status page updates, and optional Slack/Teams integration

Uptime & SLA Commitments

  • SaaS Deployments: 99.9% uptime SLA (excluding scheduled maintenance)
  • VPC Deployments: 99.95% uptime SLA
  • Scheduled Maintenance: Advance notice of 48 hours for planned maintenance
  • Maintenance Windows: Typically scheduled during low-traffic periods

Incident Severity Levels

  • Critical: Service unavailable or security breach - 4-hour response, 24-hour resolution target
  • High: Significant degradation or security concern - 8-hour response, 72-hour resolution target
  • Medium: Partial functionality impact - 24-hour response, 7-day resolution target
  • Low: Minor issues or feature requests - 48-hour response, 30-day resolution target

Need More Information?

For detailed security questionnaires, compliance documentation, or custom agreements, please contact our team.