Compounding Context

This page summarises the data processing agreement (DPA) that forms part of every client contract. The executed agreement is provided at signup; a countersigned copy is available on request at office@compoundingcontext.io.

Roles

For material you connect or upload — your writing, and optionally working material such as email or meeting notes — you are the controller and we are the processor. Where that material contains personal data about third parties, you remain the controller of it, and we process it only on your documented instructions.

Purpose and scope of processing

We process client material for one purpose: producing and quality-assuring your own public content. Specifically, we:

We do not use client material to train models, and we do not permit our sub-processors to.

Confidentiality commitments

Security measures

Sub-processors

We use the minimum set of sub-processors needed to run the service, each bound by a DPA with equivalent protections, listed at /subprocessors. We give notice before adding or replacing a sub-processor, and you may object on reasonable grounds.

International transfers

Processing is EU-based by design. Where any sub-processor involves a transfer outside the EU/EEA, it is covered by Standard Contractual Clauses or an adequacy decision, as noted in the sub-processor list.

Deletion and offboarding

On termination, or at your request: we revoke all connected-account access, cryptographically destroy your data-encryption keys, and delete your stored material, indexes, and backups within thirty days. We confirm completion in writing.

Assistance and audit

We assist you with data-subject requests and regulator inquiries that concern material we process for you, and we make available the information reasonably necessary to demonstrate compliance with this agreement.