Security & data handling
Compliance Pre-Check is designed as a lightweight review workflow. The goal is transparency, minimal retention, and a clear boundary around what the tool does.
Core principles
- HTTPS for all website traffic
- Least-privilege access for operators
- Temporary processing where possible
- Clear scope: pre-check, not legal advice
AI usage
The scan uses structured prompts and checklist-based scoring. AI assists with clause matching and gap highlighting, but results should still be reviewed by a human.
Practical tip: Avoid uploading raw customer datasets. Use policies, handbooks, and internal governance documents instead.
Retention & deletion
A sensible MVP default is “process and delete”:
- Documents deleted after scan, or within a short time window
- Only limited scan metadata retained where needed
- Optional customer-controlled retention for future audit workflows
Trust boundaries
When you run a scan, document text may be processed by an AI provider. That boundary should be disclosed clearly in your privacy and terms documentation.
You control what you upload, and the product should encourage policy-level documentation rather than sensitive datasets.