Living data protection records
Your data protection records, written once and kept current.
The toolkit turns guided answers into formal compliance documents (ROPA, TRA, LIA, DPIA), then keeps them linked and up to date as your processing changes. Records you maintain, not one-off downloads.
UK/EU hosted · encrypted · strict tenant isolation
Compliance records are easy to write and hard to keep
Records drift out of date
A ROPA written once and filed away stops matching reality the moment a process, vendor, or system changes, and nobody notices until an audit.
The same facts, re-entered everywhere
A single processing activity feeds your ROPA, your DPIAs, your transfer assessments. Maintained separately, they drift apart and contradict each other.
Audits become a scramble
When the regulator or a customer asks, you shouldn't be reconstructing months of changes from email threads and spreadsheets.
How it works
Answer guided questions
Describe each processing activity once, guided through the standard Article 30 information: purpose, lawful basis, data subjects, recipients, transfers, retention, and security.
Generate formal records
The toolkit drafts a structured ROPA from your answers using Anthropic's Claude. The result is normalised and formatted, with missing or unclear information flagged for review.
Keep them living
Records reference shared inputs, so when something changes the dependent documents are flagged for review rather than silently going stale. (Versioning and change-cascade are on the roadmap.)
The records you need, interlinked
Describe a processing activity once and reuse it across every record - the foundation of the living, linked model.
- ROPARecord of Processing Activities
Your foundational inventory of how personal data is used. Available now.
- DPIAData Protection Impact Assessment
Risk assessment for higher-risk processing. Roadmap.
- TRATransfer Risk Assessment
For personal data sent to another country. Roadmap.
- LIALegitimate Interests Assessment
Justifying reliance on legitimate interests. Roadmap.
Built for privacy-conscious buyers
This product handles records that can themselves contain personal data, so security is foundational, not a later feature.
UK/EU data residency
Your data is hosted in the EU, never defaulted to a US region.
Encrypted in transit & at rest
TLS everywhere; encryption at rest for the database.
Strict tenant isolation
Every record is scoped to your organisation at the data layer.
Append-only audit log
Significant actions are recorded, including every AI call.
Minimal data to AI
Only the necessary input is sent to the model, and it is logged.
Managed authentication
MFA-capable sign-in via a reputable managed provider.
Frequently asked questions
Is this a document generator or an ongoing service?
An ongoing service. The value is keeping records current and interlinked over time, not producing a one-off file. That's why it's a subscription.
Where is my data stored?
In the EU. The product is built to treat your records, which can contain personal data, with a security baseline from day one (encryption, tenant isolation, audit logging).
How is AI used, and is my data used to train models?
AI assists with drafting records from your answers, server-side, sending only the minimum necessary data and logging every call. Business data sent to the Anthropic API is not used to train models.
Does this replace legal advice?
No. The toolkit helps you produce and maintain your records efficiently; it is not a substitute for professional data-protection or legal advice.
Get your records in order
Create an account, capture your processing activities, and generate your first ROPA in minutes.