Data Processing Agreement

For GDPR Article 28 Compliance

Last Updated: 08 December 2025

1. Parties

This Data Processing Agreement forms part of the Terms of Service between:

  • Controller: You, the customer or workspace owner
  • Processor: CogniOps Studio Ltd, trading as PoliSync.ai

2. Purpose of Processing

We process personal data only to provide the Service, including:

  • Authentication
  • Workspace management
  • Policy generation
  • Staff invitations
  • Activity logs
  • Billing
  • Support

We do not process data for our own purposes.

3. Categories of Data

  • User identity data such as name and email
  • Staff email addresses
  • Policy content, whether uploaded or generated
  • Activity logs
  • Subscription and billing metadata

We do not intentionally process sensitive or special-category data.

4. Sub-Processors

We use approved sub-processors, including:

  • Supabase, for hosting, authentication, and database
  • Stripe, for payments
  • AI provider, for policy generation using minimal structured input

A complete list is available on request and may be updated.

5. Security Measures

We implement measures such as:

  • Encryption at rest and in transit
  • Access controls
  • Password hashing
  • Logging and monitoring

Sub-processors must maintain comparable protections.

6. International Transfers

Data may be transferred outside the UK or EU using Standard Contractual Clauses or other lawful transfer mechanisms.

7. Data Subject Rights

We assist Controllers in fulfilling rights requests, including:

  • Access
  • Rectification
  • Deletion
  • Restriction

Requests may be sent to: security@polisync.ai

8. Data Retention and Deletion

Upon account closure:

  • Workspace content is deleted or anonymised
  • Backups retain data for a limited period
  • Billing records are kept as required by law

9. Confidentiality

Staff and contractors are bound by confidentiality obligations.

10. Audits

On reasonable request, we provide documentation demonstrating compliance, such as internal policies, diagrams, and architecture summaries.

11. Breach Notification

If a breach affects customer data, we notify you without undue delay and provide details, an impact assessment, and remediation steps.

12. Termination

When the main agreement ends, this DPA continues to apply for ongoing retention and deletion obligations.
