Legal
Data processing.
How client data is handled inside an engagement, in plain English.
This page is a plain-English summary, updated 16 July 2026. The written terms that accompany each engagement take precedence.
Public data first
Our ladder starts where no access is needed. The free check and the standard reviews run on public data and on documents you choose to hand us; they involve no system credentials and no private operating data. Read-only access to your systems is requested only at the tiers that need it, and only once the written agreements are in place.
Read-only and draft-only by default
Any credentials we hold are read-only. We read and analyse; we do not change anything in your systems. Anything that would send, post or publish externally is prepared as a draft for your approval, and is only ever enabled after a supervised period you agree to in writing.
Your own isolated server
Each recurring client runs on their own isolated server, and your data is never commingled with another client's. Data is encrypted in transit and at rest, administrative access is restricted and protected with multi-factor authentication, credentials sit in a secrets manager rather than in plain text, and backups are taken and restore-tested.
Data minimisation
We process the minimum each service needs. Guest personal information is kept out of the AI model step wherever the work can run on de-identified or aggregated inputs, and we do not process payment-card numbers at all.
Market protection
Where an engagement involves your private data or ongoing owner-side advice, we do not take on a direct competitor in your market for the term of the work. Public checks and public-data reviews do not carry this protection, and never block a market.
Subprocessors, in plain sight
Four providers support engagement delivery, each bound by written data-protection terms:
- Hetzner hosts the per-client isolated servers, in EU regions.
- OpenRouter runs the AI models, configured for zero data retention.
- Apify collects public data.
- healthchecks.io monitors uptime and is not designed to receive client personal data.
We give clients notice of any addition or replacement of a subprocessor. The providers behind this website itself are listed on the privacy page.
If something goes wrong
We notify affected clients of a personal-data breach without undue delay, and in any event within 72 hours of becoming aware of it.
When an engagement ends
You receive an export of your data in a commonly used format, and we return or delete it, including backups, within the window set in the agreement. The isolated server is decommissioned as part of that process, and on request we confirm deletion in writing.
The binding document
A signed data processing agreement accompanies every engagement that touches private operating data. That agreement, together with the engagement's written terms, is the binding record; this page is only the summary. Deliverables are management diagnostics for your own decision-making, not for reliance by third parties.