FAQ
Compiled from questions asked during enterprise security reviews and procurement processes. For topics covered in detail elsewhere, answers are kept brief with links.
Data & Privacy
Q: Where is my data stored? A: Exclusively in the EU. See Data Hosting & Residency.
Q: Is data encrypted in transit and at rest? A: Yes. TLS 1.2+ in transit, AES-256 at rest. See Security Controls — Data Encryption.
Q: How is my data separated from other customers' data? A: Logical separation per customer at application, database, and file levels. See Security Controls — Architecture.
Q: What happens to my data after contract termination? A: See Security Controls — Deletion of Customer Data.
Q: Is the production environment isolated from dev/test? A: Yes. Fully isolated.
Infrastructure & Hosting
Q: Is ilert hosted in the cloud or on-premises? A: Cloud-hosted SaaS on AWS, EU-only. No on-premises option.
Q: What are ilert's RTO and RPO? A: RTO ≤ 60 min, RPO ≤ 15 min. See Availability.
Q: Does ilert use multiple telecom providers? A: Yes — Twilio, Vonage, MessageBird. Automatic failover between them. See Availability.
Access Control & Authentication
Q: Does ilert support SSO? A: Yes. SAML 2.0 and OAuth2, with auto-provisioning, role mapping, and team mapping.
Q: Does ilert support MFA? A: Yes. Authenticator apps and security keys. Can be enforced organization-wide.
Q: Does ilert support SCIM? A: Yes. Automated user provisioning and deprovisioning from identity providers (Okta, Azure AD, etc.).
Q: Does ilert support Terraform / configuration as code? A: Yes. Official Terraform provider at registry.terraform.io/providers/ilert/ilert. REST API for all functions.
Q: Can mobile device access be restricted? A: Yes. Mobile device PINs can be enforced for the ilert app.
Compliance & Certifications
Q: Is ilert ISO 27001 certified? A: Yes. See ISO 27001. Certificate available upon request.
Q: Is ilert SOC 2 certified? A: SOC 2 Type II is on ilert's roadmap. ilert currently holds ISO 27001.
Q: Does ilert support DORA? A: Yes. See DORA Compliance.
Q: Does ilert conduct penetration tests? A: Yes. Annual external pentests, quarterly vulnerability scans. Reports available under NDA. See Penetration Testing.
Q: Does ilert have cyber insurance? A: Yes. Coverage includes product liability.
Q: Can customers audit ilert? A: Yes. One remote audit per year without fee. See ISO 27001 — Audit Rights.
Incident Response & Business Continuity
Q: How quickly does ilert notify customers of security incidents? A: Within 4 hours for Major ICT Incidents (DORA), within 72 hours for GDPR-relevant breaches. Operational incidents are posted immediately on status.ilert.com. See Security Controls — Incident Management.
Q: Does ilert provide forensic support after incidents? A: Yes. Fee-free assistance for investigation, forensics, regulator queries, and final reports.
Q: Is support included in pricing? A: Yes. All plans include support. Enterprise adds 24/7 emergency phone support. See Availability — Support.
AI Features & Data Processing
Q: Where is AI-related data stored? A: In Germany, on German-based infrastructure, ensuring compliance with EU data sovereignty requirements.
Q: Is ilert's AI trained on customer data? A: No. ilert's AI features (AI Investigator) are not trained on customer data. Data from one customer is never used to train models accessible to other customers. The AI operates only on customer-provided incident and monitoring data for delivering incident response services.
Q: Who owns the output generated by AI features? A: The customer retains full ownership of input data and AI-generated outputs. Outputs are not repurposed by ilert.
Q: Does ilert's AI make autonomous decisions? A: No. All AI outputs are advisory only. Recommendations are reviewed and acted upon by customer personnel. This is consistent with GDPR Article 22 (right not to be subject to solely automated decisions).
Q: Is ilert's AI using continual learning on my data? A: No. The AI does not retrain models from customer data. Customer data is not used to improve global models.
Q: How are AI outputs auditable? A: All AI-driven suggestions are logged in incident timelines alongside regular events and clearly attributed as AI-generated.
Q: What data does the AI process? A: Customer-provided incident and monitoring data, which may include personal contact details for on-call management (phone numbers, emails). Processed under GDPR, ISO 27001, and the DPA. Special categories of personal data (health, biometric) are not used.
Q: Can another customer's model be trained on my data? A: No. Customer data isolation is enforced. No cross-customer training occurs.
Q: Does ilert offer a private LLM? A: No.
Legal & Contracts
Q: Can ilert sign our DPA? A: ilert provides a standard Data Processing Agreement compliant with Art. 28 GDPR. If you require a custom DPA, contact [email protected].
Q: Can ilert sign an NDA? A: Yes. ilert can provide a separate NDA or include NDA terms in the master service agreement.
Q: Can ilert provide a security annex? A: Yes. The DPA includes a Security Annex. The technical and organizational measures are documented at Security Controls.
Q: Is there an escrow agreement in place? A: No. ilert does not currently offer source code escrow agreements.
Q: Where can I find ilert's sub-processor list? A: Sub-processor List.
Q: What happens to my data after contract termination? A: See Security Controls — Deletion of Customer Data.
For questions not covered here, contact [email protected].