SOC 2 CC6.1/CC6.3 · ISO 27001 A.8.5 · PCI DSS Req 8

Password & Authentication Policy Generator

Generate a complete Password & Authentication Policy covering password complexity requirements, MFA enforcement, service account controls, privileged access management, and SSO. Maps to SOC 2 CC6.1/CC6.3, ISO 27001 A.8.5, PCI DSS Req 8, NIST SP 800-63B, NIS2 Art. 21(2)(j), and HIPAA §164.312.

Free — no account required. ~5 min to complete.

Steps: 1. Company Info · 2. Auth Controls

Step 1: Company Information

📦 Build Your Full Compliance Stack

Generate all the documents your SaaS needs.

🔒

Privacy Policy

GDPR, CCPA & global-compliant privacy policy for your SaaS.

📋

Terms of Service

Limit liability, define usage rules, protect your IP.

🍪

Cookie Policy

ePrivacy & GDPR compliant cookie disclosure.

💸

Refund Policy

Clear refund rules that reduce chargebacks & disputes.

🛡️

Acceptable Use Policy

Prohibit abuse, define enforcement, meet DSA requirements.

🇪🇺 Enterprise

GDPR Data Processing Agreement

Article 28 DPA for your processor relationships.

🏥 Healthcare

HIPAA Business Associate Agreement

Required before handling PHI on behalf of covered entities.

🤝

NDA Generator

Mutual or one-way NDAs for contractors, investors & partnerships.

🔐 SOC 2

Information Security Policy

SOC 2–ready InfoSec policy covering access control, encryption, and incident response.

🚨 SOC 2

Incident Response Plan

NIST-structured IRP with severity playbooks, CSIRT roles, and GDPR 72-hour breach notification.

🔍 GDPR Art. 35

DPIA Template Generator

GDPR Art. 35 Data Protection Impact Assessment with risk table and necessity test.

🗂️ GDPR Art. 5

Data Retention Policy

GDPR-compliant retention schedule with per-category periods, deletion procedures, and legal basis table.

🇺🇸 CCPA / CPRA

CCPA / CPRA Compliance Pack

Notice at Collection, Do Not Sell or Share opt-out page, and California Consumer Privacy Rights summary.

📋 GDPR Art. 28

Sub-Processor List

GDPR Art. 28(4) public sub-processor list with 40+ pre-loaded vendors, transfer mechanisms, and DPA links.

🔄 SOC 2 A1

BCP / DRP Plan

Business Continuity & Disaster Recovery Plan covering RTO/RPO, SOC 2 A1, GDPR Art. 32, and recovery playbooks.

🔍 ISO 27001 A.15

Vendor Risk Assessment

Security questionnaire to send to new SaaS vendors before onboarding — covers data security, privacy, and compliance.

📩 GDPR Art. 15–22

DSR Response Template

GDPR-compliant response letters for Data Subject Requests — access, erasure, portability, rectification, restriction, and objection.

👤 GDPR Art. 13

Employee Privacy Notice

GDPR Art. 13 compliant privacy notice for employees, contractors, and job applicants — covering HR data and lawful bases.

📊 GDPR Art. 30

GDPR Article 30 RoPA

Form-based Records of Processing Activities builder. Document each processing activity with lawful basis, retention, recipients, and transfers.

🎯 SOC 2

SOC 2 Gap Assessment

Evaluate your security controls against SOC 2 Trust Service Criteria. Get a gap report with prioritised remediation roadmap.

🔍 ISO 27001

ISO 27001 Gap Assessment

Assess your readiness for ISO/IEC 27001:2022 certification across 28 Annex A controls. Gap report + remediation roadmap.

🤖 EU AI Act

EU AI Act Declaration

Generate an Art. 50 transparency declaration and provider/deployer compliance documentation for your AI system.

🛡️ NIS2

NIS2 Compliance Checklist

Assess all 10 NIS2 Art. 21 cybersecurity requirements and get a scored gap report for EU digital service providers.

🏥 HIPAA SRA

HIPAA Security Risk Assessment

Generate a HIPAA SRA covering all Administrative, Technical, and Physical Safeguards. Required for CEs and BAs.

🌍 Chapter V

GDPR Transfer Impact Assessment (TIA)

Generate a Schrems II-compliant TIA for international data transfers. Covers SCCs, DPF, UK IDTA, and country risk analysis.

💳 PCI DSS v4

PCI DSS SAQ Generator

Generate a PCI DSS v4.0 Self-Assessment Questionnaire. Covers SAQ A, SAQ A-EP, SAQ C, and SAQ D.

🇧🇷 LGPD

LGPD (Brazil) Compliance Pack

Generate Aviso de Coleta, Data Subject Rights Summary, and LGPD Privacy Policy addendum for Brazil compliance.

🔗 Enterprise

TPRM Policy Generator

Generate a complete Third-Party Risk Management policy with vendor tiers, due diligence, and monitoring controls.

🍪 GDPR + ePrivacy

Cookie Consent Audit

Audit your CMP configuration, cookie banner design, consent records, and Google Consent Mode v2 against GDPR and ePrivacy requirements.

⚖️ Art. 6(1)(f)

GDPR LIA Generator

Generate a documented Legitimate Interests Assessment (LIA) for GDPR Art. 6(1)(f) processing activities. 3-step balancing test.

🧬 EU AI Act Art. 53

AI/ML Model Card Generator

Generate an EU AI Act Art. 53 Model Card for your AI system. Covers GPAI documentation, risk classification, bias evaluation, and safety measures.

🔔 EU Directive 2019/1937

Whistleblower Policy Generator

Generate a Whistleblower Policy compliant with EU Directive 2019/1937 and UK PIDA. Anti-retaliation protections, reporting channels, GDPR data handling.

🤖 EU AI Act

AI Acceptable Use Policy

Generate an AI AUP covering EU AI Act obligations, prohibited inputs/outputs, bias disclosures, human oversight levels, and enforcement mechanisms.

👶 COPPA · GDPR Art. 8

Children's Privacy Policy

COPPA & GDPR Art. 8 children's privacy notice with parental consent framework, age verification, data minimisation, and UK Children's Code compliance.

🚨 GDPR Art. 33 & 34

GDPR Breach Notification

Generate an Art. 33 DPA supervisory authority notification form, Art. 34 individual notification letter, and Art. 33(5) breach register entry.

📦 SOC 2 Audit Prep

SOC 2 Evidence Pack

Personalised SOC 2 evidence collection checklist by Trust Service Criteria control area — with exact evidence items, auditor expectations, and how to collect using AWS, GitHub, and common SaaS tools.

🛡️ Enterprise Sales

Trust Centre Page

Generate a complete security & compliance Trust Centre page for your SaaS website — certifications, infrastructure, encryption, pen testing, privacy, and a security FAQ for enterprise prospects.

🤖 GDPR + EU AI Act

AI Privacy Impact Assessment

Generate a GDPR Art. 35 DPIA specifically for AI systems — EU AI Act risk classification, automated decision-making analysis (Art. 22), bias assessment, and human oversight documentation.

🛡️ ISO 27701 PIMS

ISO 27701 PIMS Gap Assessment

Assess readiness for ISO/IEC 27701:2019 PIMS certification — the privacy extension to ISO 27001. 26 controls, Annex A (controller) + Annex B (processor), GDPR alignment map.

🎓 SOC 2 · ISO 27001 · HIPAA

Security Awareness Training Policy

Generate a complete Security Awareness Training Policy mapped to SOC 2 CC1.4, ISO 27001 A.6.3, HIPAA §164.308(a)(5), NIS2 Art. 21(2)(g), PCI DSS Req 12.6 — training schedule, phishing simulation, tracking, consequences.

📬 GDPR · UK GDPR

DSAR Policy & Procedure

Generate an internal GDPR data subject access request policy — intake channels, identity verification, per-right procedures, timelines, refusal grounds, DSR register, escalation, and audit logging.

🤖 EU AI Act · ISO 42001

AI Risk Register

Generate a comprehensive AI risk register covering EU AI Act compliance, GDPR Art. 22, algorithmic bias, prompt injection, model drift, and ISO 42001 — with inherent risk scores and mitigation plans.

🔒 GDPR Art. 28(3)(c)

GDPR Processor Security Policy

Generate Art. 28(3)(c) TOMs documentation for data processors. Covers encryption, access control, incident response, audit rights, and sub-processor obligations.

💻 SOC 2 · ISO 27001

Internal IT & BYOD Policy

Generate an Internal IT Acceptable Use and BYOD Policy. Covers device controls, network access, cloud apps, remote work, monitoring disclosure, and SOC 2 / ISO 27001 compliance.

🔐 SOC 2 CC6 · ISO 27001 A.9

Access Control Policy

Generate a complete Access Control Policy covering RBAC, least privilege, MFA, privileged access management, user provisioning/deprovisioning, access reviews, and remote access controls.

🗂️ ISO 27001 A.8 · SOC 2

Data Classification Policy

Generate a Data Classification Policy with tiered classification levels (Public/Internal/Confidential/Restricted), handling standards, storage controls, labelling guidance, and disposal procedures.

🔍 SOC 2 CC7.1 · ISO 27001 A.8.8

Vulnerability Management Policy

Generate a Vulnerability Management & Patch Management Policy with scanning cadence, CVSS severity classification, remediation timelines, exception handling, and compliance framework mappings (SOC 2 CC7.1, ISO 27001 A.8.8, PCI DSS, NIS2).

🔐 ISO 27001 A.10 · SOC 2 CC6.7

Cryptography & Encryption Policy

Generate a Cryptography & Encryption Policy with approved algorithms, encryption at rest and in transit, key management lifecycle, TLS standards, and compliance mappings (ISO 27001 A.10, SOC 2 CC6.7, GDPR Art. 32, HIPAA, PCI DSS).

🔧 SOC 2 CC8.1 · ISO 27001 A.8.25

Secure SDLC Policy

Generate a Secure Software Development Lifecycle (SDLC) Policy covering code review requirements, CI/CD security scanning, secrets management, environment separation, and deployment authorisation controls.

🏦 DORA Art. 5–16 · Fintech

DORA ICT Risk Management Policy

Generate a DORA-compliant ICT Risk Management Policy covering identification, protection, detection, response, recovery, and resilience testing for financial entities and ICT third-party service providers.

📊 SOC 2 CC7.2 · ISO 27001 A.8.15

Log Management & Monitoring Policy

Generate a Log Management and Monitoring Policy covering SIEM configuration, log sources, retention requirements, alert thresholds, and compliance with SOC 2 CC7.2 and ISO 27001 A.8.15/A.8.16.

📧 ISO 27001 A.8.23 · DMARC

Email Security Policy

Generate an Email Security Policy covering DMARC/DKIM/SPF authentication, anti-phishing controls, BEC prevention, DLP rules, email encryption, and compliance with ISO 27001 A.8.23 and SOC 2.

🏠 ISO 27001 A.6.7 · SOC 2 CC6.6

Remote Work Security Policy

Generate a Remote Work & Teleworking Security Policy covering device controls, VPN requirements, home network security, data handling, cloud app controls, and physical security. Maps to ISO 27001 A.6.7, SOC 2 CC6.6, and GDPR Art. 32.
