What we actually produce for you
Audit-ready documents, not slideware. These are real deliverables generated through our platform and finalized by our attorneys — anonymized here to a fictional company, Meridian Retail Group.
Privacy program & data mapping
The system of record: a board-ready program report and a maintained Record of Processing Activities.
Privacy Program Report
PDF19-page snapshot: data inventory, assets by type, vendor coverage, DSAR timeliness, and Article 9 safeguards.
Records of Processing Activities (RoPA)
PDFGDPR Article 30 register of every processing activity — purposes, legal bases, data categories, recipients and retention.
Vendor & third-party risk
Processor and sub-processor inventory with criticality, DPA coverage and certifications.
Vendor & Sub-processor Register
PDFGDPR Article 28 register: 42 vendors scored by criticality, DPA-on-file coverage, and top certifications (ISO 27001, SOC 2…).
Assessments — DPIA · LIA · custom
Impact and legitimate-interest assessments produced per processing activity or vendor.
DPIA — Customer Analytics Platform
PDFData Protection Impact Assessment: necessity, proportionality, risks to data subjects and mitigations.
LIA — Salesforce CDP
PDFLegitimate Interests Assessment: purpose, necessity and balancing test for a customer data platform.
LIA — mParticle
PDFLegitimate Interests Assessment for a customer-data infrastructure vendor.
LIA — Customer Analytics & BI
PDFLegitimate Interests Assessment for an internal analytics and business-intelligence use case.
LIA — Fraud Detection & Prevention
PDFLegitimate Interests Assessment for fraud-prevention processing.
Privacy Review — Loyalty Program
PDFCustom assessment of a rewards / loyalty program's data flows and disclosures.
Privacy Review — SMS Marketing Campaign
PDFCustom assessment of consent, opt-out and data handling for a new SMS marketing campaign.
Breach & incident
A maintained register for personal-data breaches and the 72-hour clock.
Personal Data Breach Register
PDFIncident log with severity, affected data, notification decisions and timelines.
Privacy notices
Plain-language, customer-facing privacy centers and notices we draft and maintain.
Privacy Center (full)
WebA navigable privacy center: policy plus website/app and loyalty notices, covering CCPA sale/share, Global Privacy Control, sensitive data, a loyalty financial-incentive disclosure, and automated decisions.
Privacy Notice (plain-language)
WebA stripped-back, reader-first consumer notice: what we collect, do-not-sell/share and GPC, your choices, and rights across US states and the EU/UK.
Website Privacy Notice
WebMid-weight site notice covering cookies and pixels, advertising sale/share with GPC, session replay, analytics, and automated decisions.