How is sensitive data protected?

All documents are encrypted with AES-256-GCM at rest and TLS 1.2+ in transit. A GDPR anonymization layer removes PII before any AI processing. Hosted on Vercel + Supabase (both SOC 2 Type II); Decision Intel’s own product-level audit is targeted for Q4 2026.

How long does integration take?

Less than 30 minutes. Upload documents directly, connect via OAuth for Slack, or use our REST API for bulk processing.

How does outcome tracking work?

Outcomes are detected automatically from follow-up documents, Slack messages, and web intelligence. You confirm with one click. Each reported outcome makes your future analyses more accurate.

How is Decision Intel different from ChatGPT or a general AI assistant?

ChatGPT gives one opinion from one model: ungoverned, untraceable, unaudited. Decision Intel is the reasoning audit platform. Most tools audit your data; we audit your reasoning — and catch the fatal blind spots in strategic memos before the committee does. It measures the noise in your reasoning the same way Kahneman did in the insurance underwriter study, simulates an AI boardroom of CEO, CFO, and board personas, runs what-if interventions against a 143-case public reference library, and compounds every confirmed outcome back into a calibrated Decision Quality Index your audit committee can defend. Not a chatbot; a reasoning audit, checkable from memo to outcome.

Procurement evidence

Every answer your vendor-risk team needs.

One page. Eight sections. Every claim cross-referenced to a verifiable source. Built so a F500 vendor-risk reviewer can answer their SIG / VSA / CAIQ questionnaire in one sitting without a back-and-forth email cycle.

1 · Audit metadata

SOC 2 receipts · Decision Intel + every sub-processor

Hosted on SOC 2 Type II infrastructure (Vercel + Supabase). Decision Intel’s own product-level SOC 2 Type I audit is targeted for Q4 2026, with the Type II observation window opening immediately after; in-flight controls already mirror Type II.

Targeted · SOC 2 Type I

Decision Intel Ltd. (Processor)

Application + reasoning-audit pipeline

AuditorAudit firm to be named at engagement (Big-4 or AICPA-listed Tier-1 specialist). In-flight controls already mirror Type II.

WindowTargeted Q4 2026 issuance · Type II window opens immediately after

ScopeDecision Intel application, analysis pipeline, Decision Provenance Record generation, audit-log immutability, encryption-key rotation, and access control for customer-uploaded documents.

VerificationStatus disclosed in writing on every Enterprise pilot agreement.

Attested · SOC 2 Type II

Vercel Inc. (Sub-processor)

Application hosting + edge compute

AuditorInsight Assurance · AICPA-registered

WindowContinuous · current report covers a rolling 12-month window

ScopeEdge runtime, deployment pipeline, build infrastructure, and the platform on which Decision Intel runs.

VerificationTrust portal · vercel.com/legal/soc2

Attested · SOC 2 Type II + HIPAA

Supabase Inc. (Sub-processor)

Postgres + Auth + file storage

AuditorPrescient Assurance · AICPA-registered

WindowContinuous · current report covers a rolling 12-month window

ScopeDatabase, authentication, file storage, point-in-time recovery, and backup infrastructure that holds customer documents and audit logs.

VerificationTrust portal · supabase.com/security · HIPAA BAA available on Enterprise

Attested · SOC 2 Type II

Sentry (Sub-processor)

Error monitoring

AuditorAudit firm disclosed in trust portal

WindowContinuous · current report covers a rolling 12-month window

ScopeError capture and runtime telemetry. PII scrubbing is enabled at SDK level so Sentry never receives raw document content.

VerificationTrust portal · sentry.io/trust

Attested · SOC 2 Type II + SOC 1 Type II + PCI-DSS Level 1

Stripe Inc. (Sub-processor)

Billing

AuditorAudit firm disclosed in trust portal

WindowContinuous · current report covers a rolling 12-month window

ScopeSubscription billing, payment-method storage, and invoicing. No document content flows through Stripe.

VerificationTrust portal · stripe.com/docs/security

2 · Schedule of Sub-Processors

Where data resides, who touches it, how change-notification works

The procurement-grade Schedule of Sub-Processors a F500 vendor-risk register expects. Each entry names region + service category + what data is touched + compliance posture + verification path. Change-notification SLA is contractual via the DPA.

Change-notification SLA · ≥30 days written notice via security@decision-intel.com before activation; Customer right to object in writing within 14 days, with cure path defined per DPA §6.

Vercel

Application hosting + serverless compute

RegionUS (primary) · multi-region edge for static assets

Data touchedApplication code, environment variables, server-side request handling. No persistent customer content storage.

ComplianceSOC 2 Type II · ISO 27001

Verification: https://vercel.com/legal/dpa · https://trust.vercel.com (audit reports under NDA).

Supabase

Authentication + encrypted Postgres

RegionUS (primary production region) · EU residency available on Enterprise design-partner configurations subject to confirmation before signature

Data touchedCustomer accounts, user settings, encrypted document content (AES-256-GCM at rest), audit log rows, all platform metadata.

ComplianceSOC 2 Type II · GDPR + UK GDPR DPA

Verification: https://supabase.com/dpa · https://supabase.com/security.

Google AI (Gemini)

Primary analysis model

RegionUS region · processed under no-training enterprise terms

Data touchedAnonymised document text (PII scrubbed by the GDPR anonymizer node first). No training right; logged on Vercel-side cost-tracker only.

ComplianceGoogle Cloud DPA · enterprise no-training contractual commitment

Verification: https://cloud.google.com/terms/data-processing-addendum · per-call cost telemetry on the Vercel AI Gateway dashboard.

Anthropic (Claude)

Fallback analysis model

RegionUS region · invoked only on Gemini transient errors when AI_FALLBACK_ENABLED

Data touchedAnonymised document text (same anonymizer pre-pass as Gemini). No training right.

ComplianceAnthropic Enterprise Terms · no-training contractual commitment

Verification: https://www.anthropic.com/legal/dpa.

Stripe

Subscription + per-deal payment processing

RegionUS + EU regional payment infrastructure

Data touchedBilling email, subscription state, payment intent IDs. Decision Intel never sees or stores card numbers; PCI-DSS responsibility lives with Stripe.

CompliancePCI-DSS Level 1 · SOC 1 + 2

Verification: https://stripe.com/dpa · https://stripe.com/security.

Resend

Transactional email

RegionUS (primary) · EU regional capability on request

Data touchedCustomer email address + transactional message content (auth flows, magic links, password resets, account notifications).

ComplianceSOC 2 Type II

Verification: https://resend.com/legal/dpa.

Sentry

Error + performance telemetry

RegionUS (primary)

Data touchedError stack traces, request metadata, performance spans. PII scrubbers enabled at the SDK layer; no body content captured.

ComplianceSOC 2 Type II · ISO 27001 · GDPR DPA

Verification: https://sentry.io/trust/dpa.

Cloudflare

DNS + inbound email routing

RegionGlobal edge · EU + US DNS POPs

Data touchedDNS lookups for decision-intel.com domains; inbound *@decision-intel.com email routing to founder Gmail. No persistent message storage.

ComplianceSOC 2 Type II · ISO 27001 · PCI-DSS · GDPR DPA

Verification: https://www.cloudflare.com/cloudflare-customer-dpa/.

3 · Vendor-risk questionnaire

SIG / VSA / CAIQ-shaped answers, ready to copy row-for-row

The 10 questions a F500 vendor-risk reviewer asks first, with verbatim answers + verification paths. The shape mirrors SIG / VSA / CAIQ row-shape so a procurement reviewer copies answers row-for-row instead of paraphrasing.

Are SOC 2 Type II reports issued by an independent registered auditor for the platform infrastructure?

Class · control

Yes. Vercel (application hosting + edge compute) — SOC 2 Type II by Insight Assurance, AICPA-registered, continuous rolling 12-month observation window. Supabase (Postgres + Auth + file storage) — SOC 2 Type II + HIPAA by Prescient Assurance, AICPA-registered, continuous rolling 12-month window. Both reports cover the platform on which Decision Intel runs.

Verification: vercel.com/legal/soc2 · supabase.com/security · trust portals public

Does the application processor itself hold a SOC 2 attestation?

Class · control

Decision Intel’s product-level SOC 2 Type I audit is targeted Q4 2026 issuance, with the Type II observation window opening immediately after. Audit firm to be named at engagement (Big-4 or AICPA-listed Tier-1 specialist). In-flight controls already mirror Type II requirements; the gap between today and Type I issuance is documented in the Enterprise pilot agreement.

Verification: Status disclosed in writing on every Enterprise pilot agreement.

Is data encrypted at rest and in transit?

Class · data

Yes. AES-256-GCM for documents and audit-log content at rest. TLS 1.2+ for every transit hop (browser to platform, platform to AI providers, platform to sub-processors). A GDPR + NDPR anonymization layer strips PII before any AI processing — the LLM provider never sees raw customer content with identifiers attached.

Verification: /privacy data lifecycle section · processor list with sub-processor details

What is the audit log retention window?

Class · data

Individual tier: 1 year. Strategy tier (team): 3 years. Enterprise tier: 7 years (SOX §404 internal-controls aligned). Every entry is immutable, append-only, and timestamped at write. Entries are queryable via the customer-facing AdminAuditLog UI and exportable as a single JSON bundle via the Enterprise account-data export endpoint. Custom retention (HIPAA, banking, government) is negotiable on Enterprise pilot agreement.

Verification: /security audit-log retention SLA section · contractual commitment in pilot agreement.

What is the disaster recovery posture (RPO / RTO)?

Class · continuity

Recovery Point Objective ≤ 15 minutes (Postgres WAL streaming + daily snapshots). Recovery Time Objective < 4 hours. Production region is US (Vercel + Supabase US). EU region is available on Enterprise pilot agreement; multi-region production is on the published roadmap. Annual restore drill is performed and documented; the most recent drill date is disclosed on every Enterprise pilot agreement.

Verification: /security DR/BCP section · drill date in pilot agreement.

What is the security-incident response SLA?

Class · incident

Customer notification within 72 hours of confirmed security incident affecting customer data — mirrors GDPR Art. 33 controller-notification timing as the procurement floor. Faster notification (24 hours / 12 hours) is negotiable on Enterprise pilot agreement when the customer’s own regulatory posture requires it. A written incident report is delivered within 7 days of notification, including root cause, scope of affected records, remediation steps, and the controls hardened to prevent recurrence.

Verification: Pilot agreement · incident report template available on request.

What is the standard liability cap?

Class · contractual

12 months of fees paid by Controller in the 12 months immediately before the claim, excluding (a) breach of confidentiality, (b) wilful misconduct, (c) third-party IP indemnities, and (d) sub-processor data-protection failures where Decision Intel is the engaging Processor. Mutual indemnification cap and uncapped third-party-IP indemnity are negotiable at Enterprise signature.

Verification: Subscription agreement § 12 · Enterprise pilot indemnification schedule.

Is cyber-liability insurance and errors-and-omissions insurance carried?

Class · contractual

On the Q1 2027 roadmap. Until carriage is live, Enterprise customers receive a written disclosure of the insurance gap and the contractual commitments that substitute for it (uncapped breach-of-confidentiality, mutual indemnification, escrowed remediation budget on request).

Verification: Enterprise pilot agreement · insurance gap disclosure clause · roadmap status updated quarterly.

Where is customer data trained on for AI improvements?

Class · data

Customer document content is never used to train, fine-tune, or evaluate any LLM (Gemini, Claude, or otherwise). Provider terms (Google Cloud Platform + Anthropic) explicitly disclaim training on enterprise inputs. The same commitment is mirrored in the DPA and every pilot agreement. Bias Genome cohort signals are derived from outcome METADATA only (bias type, decision-domain class, predicted-vs-realised quality, time-to-outcome window) — never document content, persona names, or deal terms.

Verification: DPA § Bias Genome ownership · provider terms (GCP + Anthropic enterprise DPA).

What is the data portability and exit-assistance posture on contract termination?

Class · data

Customer-owned content (every uploaded artefact + every Decision Provenance Record) is exportable as a single account-data JSON bundle at any time during the contract and within 60 days of termination. Cohort export (anonymised outcome metadata the customer organisation contributed to Bias Genome) is available on quarterly cadence on Enterprise tier. After the 60-day exit window, customer content is cryptographically destroyed; audit log entries follow the retention window above.

Verification: /api/export/account · DPA § 5 · pilot agreement termination clause.

4 · Retention SLA

Audit log retention

Every audit log entry is immutable, append-only, and timestamped at write. Entries are queryable via the AdminAuditLog UI inside the customer account and exportable as a single JSON bundle via the account-data export endpoint (Enterprise tier). The retention window starts at the entry write timestamp; expired entries are archived to cold storage for an additional 90 days before permanent deletion. When a customer leaves the platform, the active retention window survives the contract end-date so post-departure regulatory queries can still be answered.

Individual

1 year

Legal-defensible floor for individual-buyer accounts.

Strategy (team)

3 years

Mid-market default for team accounts running quarterly board cycles.

Enterprise

7 years

SOX §404 internal-controls aligned. Custom retention (HIPAA, banking, government) negotiable on pilot agreement.

5 · Contractual posture

Indemnification cap

Standard subscription contracts cap each party’s aggregate liability at 12 months of fees paid by Controller in the 12 months immediately before the claim, excluding (a) breach of confidentiality, (b) wilful misconduct, (c) third-party IP indemnities, and (d) sub-processor data-protection failures where Decision Intel is the engaging Processor. Enterprise customers may negotiate a mutual indemnification cap and an uncapped third-party-IP indemnity at signature.

Standard cap

Standard 12 months’ fees · custom mutual on request

Insurance carriage · honest gap disclosure

Cyber-liability + E&O · Q1 2027 roadmap

Cyber-liability + errors-and-omissions insurance carriage is on the Q1 2027 roadmap. Until carriage is live, Enterprise customers receive a written disclosure of the insurance gap and the contractual commitments that substitute for it: uncapped breach-of-confidentiality, mutual indemnification, and an escrowed remediation budget on request. We surface this gap explicitly rather than burying it because procurement-grade transparency is the procurement signal — performative gaps survive vendor-risk register review; hidden gaps do not.

6 · Data ownership

Bias Genome data ownership posture

Five contractual commitments governing what happens to Customer content vs. anonymised outcome metadata when an organisation contributes to the Bias Genome cohort signal.

Customer-owned: document content

Always · no exceptions

Every uploaded strategic memo, board deck, IC document, and reasoning artefact remains Customer property. Decision Intel processes the content under the DPA and never claims any IP, derived-work, or training right over the source bytes. The same posture applies to Decision Provenance Records: the artefact is Customer-owned, signed by Decision Intel.

Platform-aggregated: outcome metadata only

Anonymised · opt-in

Bias Genome cohort signals are derived exclusively from outcome METADATA: bias type, decision-domain class, predicted-vs-realised quality, time-to-outcome window. Document content, persona names, deal terms, and any text fragments are NEVER part of the cohort signal. When cross-organisation aggregation activates it runs server-side behind a k-anonymity floor of at least 3 contributing organisations per signal, so no single organisation is identifiable; today the Bias Genome is computed on a seed corpus, not customer data. The aggregation is opt-in and can be disabled per organisation in Settings &rsaquo; Org without affecting the rest of the product.

Withdrawal path

One-click · 30-day backfill

A Customer who joins the cohort and later opts out can request that prior outcome-metadata contributions be withdrawn from future Bias Genome computations. Withdrawal completes within 30 days; the backfill is logged to the Customer-visible audit log so the action is auditable. Already-published cohort statistics that incorporated the contribution are not retroactively recomputed (they are timestamped artefacts), but the Customer is excluded from every subsequent computation.

No model training on Customer data

Contractual

Customer document content is never used to train, fine-tune, or evaluate any large language model: Gemini, Claude, or otherwise. Provider terms (Google Cloud Platform + Anthropic) explicitly disclaim training on enterprise inputs. The same commitment is mirrored in the DPA and every pilot agreement.

Cohort export on Enterprise

On request

Enterprise customers contributing outcome metadata may request a quarterly extract of the cohort signal their organisation contributed to, anonymised, in CSV + JSON. Useful for internal calibration audits and audit-committee briefings.

7 · Documents

DPA template + DPR specimens

Download the redline-ready DPA + a specimen Decision Provenance Record (hashed, tamper-evident) so your legal team can review the contractual + operational shape before any conversation.

DPA template (PDF)

Read-only procurement reference.

DPA template (DOCX)

Word-native, redline-ready with Track Changes.

DPR specimen · WeWork S-1

US public-market shape · 15 pages.

DPR specimen · Pan-African industrial

Cross-border EM shape · 15 pages.

AI Verify alignment · AI Verify is a self-assessment governance framework codified by the AI Verify Foundation (Singapore IMDA, aligned with EU and OECD). The Foundation does not certify products. Decision Intel’s alignment with the 11 internationally-recognised AI governance principles is self-attested; no third-party audit has yet been performed against this mapping.

8 · Evidentiary standard

Evidentiary standard · audit-trail continuity

Every Decision Provenance Record carries a single evidentiary-standard fingerprint that binds, in one citable token, the DQI methodology version, the SHA-256 hash of the audited document, the prompt fingerprint, the DQI weight-resolution hash, and the record schema. The fingerprint is deterministic: the same decision audited under the same standard produces the same token, so two DPRs are provably from the same engine state by comparing one string.

Continuity · Your EU AI Act Article 14 and Basel III Pillar 2 ICAAP audit trail is constructed on these fingerprints. Any change to the audit standard — methodology version, weight resolution, or scoring engine — produces a different fingerprint and is versioned and disclosed against the prior records. The continuity is the point: once an audit committee has built a multi-year reasoning-provenance trail on a consistent evidentiary standard, moving the same decisions to a different audit method is not a silent switch — it is a documented change of evidentiary standard a regulator can see across the record series.

9 · Procurement contact

Direct line to the security + procurement inbox

For SOC 2 reports under NDA, additional sub-processor questions, custom DPA redlines, or vendor-risk-register pre-fill requests.

Security inbox

security@decision-intel.com

Routed via Cloudflare Email Routing to the founder. Response SLA < 1 business day.

Run the Enterprise quote builder

Every claim on this page cross-references a canonical source in the codebase. When the posture changes (SOC 2 Type I issues / new sub-processor activates / indemnification cap shifts), the change lands in src/lib/constants/trust-copy.ts first and propagates here, to /security, /privacy, and the DPR cover. No drift.

Procurement evidence

Every answer your vendor-risk team needs.

1 · Audit metadata

SOC 2 receipts · Decision Intel + every sub-processor

Targeted · SOC 2 Type I

Decision Intel Ltd. (Processor)

Application + reasoning-audit pipeline

AuditorAudit firm to be named at engagement (Big-4 or AICPA-listed Tier-1 specialist). In-flight controls already mirror Type II.

WindowTargeted Q4 2026 issuance · Type II window opens immediately after

ScopeDecision Intel application, analysis pipeline, Decision Provenance Record generation, audit-log immutability, encryption-key rotation, and access control for customer-uploaded documents.

VerificationStatus disclosed in writing on every Enterprise pilot agreement.

Attested · SOC 2 Type II

Vercel Inc. (Sub-processor)

Application hosting + edge compute

AuditorInsight Assurance · AICPA-registered

WindowContinuous · current report covers a rolling 12-month window

ScopeEdge runtime, deployment pipeline, build infrastructure, and the platform on which Decision Intel runs.

VerificationTrust portal · vercel.com/legal/soc2

Attested · SOC 2 Type II + HIPAA

Supabase Inc. (Sub-processor)

Postgres + Auth + file storage

AuditorPrescient Assurance · AICPA-registered

WindowContinuous · current report covers a rolling 12-month window

ScopeDatabase, authentication, file storage, point-in-time recovery, and backup infrastructure that holds customer documents and audit logs.

VerificationTrust portal · supabase.com/security · HIPAA BAA available on Enterprise

Attested · SOC 2 Type II

Sentry (Sub-processor)

Error monitoring

AuditorAudit firm disclosed in trust portal

WindowContinuous · current report covers a rolling 12-month window

ScopeError capture and runtime telemetry. PII scrubbing is enabled at SDK level so Sentry never receives raw document content.

VerificationTrust portal · sentry.io/trust

Attested · SOC 2 Type II + SOC 1 Type II + PCI-DSS Level 1

Stripe Inc. (Sub-processor)

Billing

AuditorAudit firm disclosed in trust portal

WindowContinuous · current report covers a rolling 12-month window

ScopeSubscription billing, payment-method storage, and invoicing. No document content flows through Stripe.

VerificationTrust portal · stripe.com/docs/security

2 · Schedule of Sub-Processors

Where data resides, who touches it, how change-notification works

Change-notification SLA · ≥30 days written notice via security@decision-intel.com before activation; Customer right to object in writing within 14 days, with cure path defined per DPA §6.

Vercel

Application hosting + serverless compute

RegionUS (primary) · multi-region edge for static assets

Data touchedApplication code, environment variables, server-side request handling. No persistent customer content storage.

ComplianceSOC 2 Type II · ISO 27001

Verification: https://vercel.com/legal/dpa · https://trust.vercel.com (audit reports under NDA).

Supabase

Authentication + encrypted Postgres

RegionUS (primary production region) · EU residency available on Enterprise design-partner configurations subject to confirmation before signature

Data touchedCustomer accounts, user settings, encrypted document content (AES-256-GCM at rest), audit log rows, all platform metadata.

ComplianceSOC 2 Type II · GDPR + UK GDPR DPA

Verification: https://supabase.com/dpa · https://supabase.com/security.

Google AI (Gemini)

Primary analysis model

RegionUS region · processed under no-training enterprise terms

Data touchedAnonymised document text (PII scrubbed by the GDPR anonymizer node first). No training right; logged on Vercel-side cost-tracker only.

ComplianceGoogle Cloud DPA · enterprise no-training contractual commitment

Verification: https://cloud.google.com/terms/data-processing-addendum · per-call cost telemetry on the Vercel AI Gateway dashboard.

Anthropic (Claude)

Fallback analysis model

RegionUS region · invoked only on Gemini transient errors when AI_FALLBACK_ENABLED

Data touchedAnonymised document text (same anonymizer pre-pass as Gemini). No training right.

ComplianceAnthropic Enterprise Terms · no-training contractual commitment

Verification: https://www.anthropic.com/legal/dpa.

Stripe

Subscription + per-deal payment processing

RegionUS + EU regional payment infrastructure

Data touchedBilling email, subscription state, payment intent IDs. Decision Intel never sees or stores card numbers; PCI-DSS responsibility lives with Stripe.

CompliancePCI-DSS Level 1 · SOC 1 + 2

Verification: https://stripe.com/dpa · https://stripe.com/security.

Resend

Transactional email

RegionUS (primary) · EU regional capability on request

Data touchedCustomer email address + transactional message content (auth flows, magic links, password resets, account notifications).

ComplianceSOC 2 Type II

Verification: https://resend.com/legal/dpa.

Sentry

Error + performance telemetry

RegionUS (primary)

Data touchedError stack traces, request metadata, performance spans. PII scrubbers enabled at the SDK layer; no body content captured.

ComplianceSOC 2 Type II · ISO 27001 · GDPR DPA

Verification: https://sentry.io/trust/dpa.

Cloudflare

DNS + inbound email routing

RegionGlobal edge · EU + US DNS POPs

Data touchedDNS lookups for decision-intel.com domains; inbound *@decision-intel.com email routing to founder Gmail. No persistent message storage.

ComplianceSOC 2 Type II · ISO 27001 · PCI-DSS · GDPR DPA

Verification: https://www.cloudflare.com/cloudflare-customer-dpa/.

3 · Vendor-risk questionnaire

SIG / VSA / CAIQ-shaped answers, ready to copy row-for-row

Are SOC 2 Type II reports issued by an independent registered auditor for the platform infrastructure?

Class · control

Verification: vercel.com/legal/soc2 · supabase.com/security · trust portals public

Does the application processor itself hold a SOC 2 attestation?

Class · control

Verification: Status disclosed in writing on every Enterprise pilot agreement.

Is data encrypted at rest and in transit?

Class · data

Verification: /privacy data lifecycle section · processor list with sub-processor details

What is the audit log retention window?

Class · data

Verification: /security audit-log retention SLA section · contractual commitment in pilot agreement.

What is the disaster recovery posture (RPO / RTO)?

Class · continuity

Verification: /security DR/BCP section · drill date in pilot agreement.

What is the security-incident response SLA?

Class · incident

Verification: Pilot agreement · incident report template available on request.

What is the standard liability cap?

Class · contractual

Verification: Subscription agreement § 12 · Enterprise pilot indemnification schedule.

Is cyber-liability insurance and errors-and-omissions insurance carried?

Class · contractual

Verification: Enterprise pilot agreement · insurance gap disclosure clause · roadmap status updated quarterly.

Where is customer data trained on for AI improvements?

Class · data

Verification: DPA § Bias Genome ownership · provider terms (GCP + Anthropic enterprise DPA).

What is the data portability and exit-assistance posture on contract termination?

Class · data

Verification: /api/export/account · DPA § 5 · pilot agreement termination clause.

4 · Retention SLA

Audit log retention

Individual

1 year

Legal-defensible floor for individual-buyer accounts.

Strategy (team)

3 years

Mid-market default for team accounts running quarterly board cycles.

Enterprise

7 years

SOX §404 internal-controls aligned. Custom retention (HIPAA, banking, government) negotiable on pilot agreement.

5 · Contractual posture

Indemnification cap

Standard cap

Standard 12 months’ fees · custom mutual on request

Insurance carriage · honest gap disclosure

Cyber-liability + E&O · Q1 2027 roadmap

6 · Data ownership

Bias Genome data ownership posture

Five contractual commitments governing what happens to Customer content vs. anonymised outcome metadata when an organisation contributes to the Bias Genome cohort signal.

Customer-owned: document content

Always · no exceptions

Platform-aggregated: outcome metadata only

Anonymised · opt-in

Withdrawal path

One-click · 30-day backfill

No model training on Customer data

Contractual

Cohort export on Enterprise

On request

7 · Documents

DPA template + DPR specimens

Download the redline-ready DPA + a specimen Decision Provenance Record (hashed, tamper-evident) so your legal team can review the contractual + operational shape before any conversation.

DPA template (PDF)

Read-only procurement reference.

DPA template (DOCX)

Word-native, redline-ready with Track Changes.

DPR specimen · WeWork S-1

US public-market shape · 15 pages.

DPR specimen · Pan-African industrial

Cross-border EM shape · 15 pages.

8 · Evidentiary standard