Data processing agreement
Last updated 4 July 2026
This page summarises the data processing agreement (DPA) that forms part of every client contract. The executed agreement is provided at signup; a countersigned copy is available on request at office@compoundingcontext.io.
Roles
For material you connect or upload — your writing, and optionally working material such as email or meeting notes — you are the controller and we are the processor. Where that material contains personal data about third parties, you remain the controller of it, and we process it only on your documented instructions.
Purpose and scope of processing
We process client material for one purpose: producing and quality-assuring your own public content. Specifically, we:
- store and index the material you connect or upload;
- derive synthesis from it to brief and ground your drafts;
- analyse your published writing to build and maintain your voice profile.
We do not use client material to train models, and we do not permit our sub-processors to do so.
Confidentiality commitments
- Material captured from your working life is never reproduced in output, verbatim or paraphrased. It reaches drafting only as synthesis.
- Material matching your declared red-lines is excluded from processing outright — not redacted and retained.
- Internal alerts and logs reference items by identifier, never by content.
- Access to raw client material is restricted and every read is audit-logged.
Security measures
- All client data is hosted in the European Union.
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Envelope encryption on the most sensitive fields, with a data-encryption key unique to each client.
- Row-level tenant isolation enforced in the database, with automated tests.
- OAuth tokens for connected accounts held in an encrypted vault.
Sub-processors
We use the minimum set of sub-processors needed to run the service, each bound by a DPA with equivalent protections, listed at /subprocessors. We give notice before adding or replacing a sub-processor, and you may object on reasonable grounds.
International transfers
Processing is EU-based by design. Where any sub-processor involves a transfer outside the EU/EEA, it is covered by Standard Contractual Clauses or an adequacy decision, as noted in the sub-processor list.
Deletion and offboarding
On termination, or at your request: we revoke all connected-account access, cryptographically destroy your data-encryption keys, and delete your stored material, indexes, and backups within thirty days. We confirm completion in writing.
Assistance and audit
We assist you with data-subject requests and regulator inquiries that concern material we process for you, and we make available the information reasonably necessary to demonstrate compliance with this agreement.