GDPR Processor Security Policy Generator

Document your Technical and Organisational Measures (TOMs) under GDPR Art. 28(3)(c). Cover encryption, access control, incident response, audit rights, and sub-processor obligations.

Build Your Full Compliance Stack

Generate all the documents your SaaS needs.

Privacy Policy
GDPR, CCPA & global-compliant privacy policy for your SaaS.

Terms of Service
Limit liability, define usage rules, protect your IP.

Cookie Policy
ePrivacy & GDPR compliant cookie disclosure.

Refund Policy
Clear refund rules that reduce chargebacks & disputes.

Acceptable Use Policy
Prohibit abuse, define enforcement, meet DSA requirements.

GDPR Data Processing Agreement [Enterprise]
Article 28 DPA for your processor relationships.

HIPAA Business Associate Agreement [Healthcare]
Required before handling PHI on behalf of covered entities.

NDA Generator
Mutual or one-way NDAs for contractors, investors & partnerships.

Information Security Policy [SOC 2]
SOC 2–ready InfoSec policy covering access control, encryption, and incident response.

Incident Response Plan [SOC 2]
NIST-structured IRP with severity playbooks, CSIRT roles, and GDPR 72-hour breach notification.

DPIA Template Generator [GDPR Art. 35]
GDPR Art. 35 Data Protection Impact Assessment with risk table and necessity test.

Data Retention Policy [GDPR Art. 5]
GDPR-compliant retention schedule with per-category periods, deletion procedures, and legal basis table.

CCPA / CPRA Compliance Pack [CCPA / CPRA]
Notice at Collection, Do Not Sell or Share opt-out page, and California Consumer Privacy Rights summary.

Sub-Processor List [GDPR Art. 28]
GDPR Art. 28(4) public sub-processor list with 40+ pre-loaded vendors, transfer mechanisms, and DPA links.

BCP / DRP Plan [SOC 2 A1]
Business Continuity & Disaster Recovery Plan covering RTO/RPO, SOC 2 A1, GDPR Art. 32, and recovery playbooks.

Vendor Risk Assessment [ISO 27001 A.15]
Security questionnaire to send to new SaaS vendors before onboarding — covers data security, privacy, and compliance.

DSR Response Template [GDPR Art. 15–22]
GDPR-compliant response letters for Data Subject Requests — access, erasure, portability, rectification, restriction, and objection.

Employee Privacy Notice [GDPR Art. 13]
GDPR Art. 13 compliant privacy notice for employees, contractors, and job applicants — covering HR data and lawful bases.

GDPR Article 30 RoPA [GDPR Art. 30]
Form-based Records of Processing Activities builder. Document each processing activity with lawful basis, retention, recipients, and transfers.

SOC 2 Gap Assessment [SOC 2]
Evaluate your security controls against SOC 2 Trust Service Criteria. Get a gap report with prioritised remediation roadmap.

ISO 27001 Gap Assessment [ISO 27001]
Assess your readiness for ISO/IEC 27001:2022 certification across 28 Annex A controls. Gap report + remediation roadmap.

EU AI Act Declaration [EU AI Act]
Generate an Art. 50 transparency declaration and provider/deployer compliance documentation for your AI system.

NIS2 Compliance Checklist [NIS2]
Assess all 10 NIS2 Art. 21 cybersecurity requirements and get a scored gap report for EU digital service providers.

HIPAA Security Risk Assessment [HIPAA SRA]
Generate a HIPAA SRA covering all Administrative, Technical, and Physical Safeguards. Required for CEs and BAs.

GDPR Transfer Impact Assessment (TIA) [Chapter V]
Generate a Schrems II-compliant TIA for international data transfers. Covers SCCs, DPF, UK IDTA, and country risk analysis.

PCI DSS SAQ Generator [PCI DSS v4]
Generate a PCI DSS v4.0 Self-Assessment Questionnaire. Covers SAQ A, SAQ A-EP, SAQ C, and SAQ D.

LGPD (Brazil) Compliance Pack [LGPD]
Generate Aviso de Coleta, Data Subject Rights Summary, and LGPD Privacy Policy addendum for Brazil compliance.

TPRM Policy Generator [Enterprise]
Generate a complete Third-Party Risk Management policy with vendor tiers, due diligence, and monitoring controls.

Cookie Consent Audit [GDPR + ePrivacy]
Audit your CMP configuration, cookie banner design, consent records, and Google Consent Mode v2 against GDPR and ePrivacy requirements.

GDPR LIA Generator [Art. 6(1)(f)]
Generate a documented Legitimate Interests Assessment (LIA) for GDPR Art. 6(1)(f) processing activities. 3-step balancing test.

AI/ML Model Card Generator [EU AI Act Art. 53]
Generate an EU AI Act Art. 53 Model Card for your AI system. Covers GPAI documentation, risk classification, bias evaluation, and safety measures.

Whistleblower Policy Generator [EU Directive 2019/1937]
Generate a Whistleblower Policy compliant with EU Directive 2019/1937 and UK PIDA. Anti-retaliation protections, reporting channels, GDPR data handling.

AI Acceptable Use Policy [EU AI Act]
Generate an AI AUP covering EU AI Act obligations, prohibited inputs/outputs, bias disclosures, human oversight levels, and enforcement mechanisms.

Children's Privacy Policy [COPPA · GDPR Art. 8]
COPPA & GDPR Art. 8 children's privacy notice with parental consent framework, age verification, data minimisation, and UK Children's Code compliance.

GDPR Breach Notification [GDPR Art. 33 & 34]
Generate an Art. 33 DPA supervisory authority notification form, Art. 34 individual notification letter, and Art. 33(5) breach register entry.

SOC 2 Evidence Pack [SOC 2 Audit Prep]
Personalised SOC 2 evidence collection checklist by Trust Service Criteria control area — with exact evidence items, auditor expectations, and how to collect using AWS, GitHub, and common SaaS tools.

Trust Centre Page [Enterprise Sales]
Generate a complete security & compliance Trust Centre page for your SaaS website — certifications, infrastructure, encryption, pen testing, privacy, and a security FAQ for enterprise prospects.

AI Privacy Impact Assessment [GDPR + EU AI Act]
Generate a GDPR Art. 35 DPIA specifically for AI systems — EU AI Act risk classification, automated decision-making analysis (Art. 22), bias assessment, and human oversight documentation.

ISO 27701 PIMS Gap Assessment [ISO 27701 PIMS]
Assess readiness for ISO/IEC 27701:2019 PIMS certification — the privacy extension to ISO 27001. 26 controls, Annex A (controller) + Annex B (processor), GDPR alignment map.

Security Awareness Training Policy [SOC 2 · ISO 27001 · HIPAA]
Generate a complete Security Awareness Training Policy mapped to SOC 2 CC1.4, ISO 27001 A.6.3, HIPAA §164.308(a)(5), NIS2 Art. 21(2)(g), PCI DSS Req 12.6 — training schedule, phishing simulation, tracking, consequences.

DSAR Policy & Procedure [GDPR · UK GDPR]
Generate an internal GDPR data subject access request policy — intake channels, identity verification, per-right procedures, timelines, refusal grounds, DSR register, escalation, and audit logging.

AI Risk Register [EU AI Act · ISO 42001]
Generate a comprehensive AI risk register covering EU AI Act compliance, GDPR Art. 22, algorithmic bias, prompt injection, model drift, and ISO 42001 — with inherent risk scores and mitigation plans.

Internal IT & BYOD Policy [SOC 2 · ISO 27001]
Generate an Internal IT Acceptable Use and BYOD Policy. Covers device controls, network access, cloud apps, remote work, monitoring disclosure, and SOC 2 / ISO 27001 compliance.

Access Control Policy [SOC 2 CC6 · ISO 27001 A.9]
Generate a complete Access Control Policy covering RBAC, least privilege, MFA, privileged access management, user provisioning/deprovisioning, access reviews, and remote access controls.

Data Classification Policy [ISO 27001 A.8 · SOC 2]
Generate a Data Classification Policy with tiered classification levels (Public/Internal/Confidential/Restricted), handling standards, storage controls, labelling guidance, and disposal procedures.

Vulnerability Management Policy [SOC 2 CC7.1 · ISO 27001 A.8.8]
Generate a Vulnerability Management & Patch Management Policy with scanning cadence, CVSS severity classification, remediation timelines, exception handling, and compliance framework mappings (SOC 2 CC7.1, ISO 27001 A.8.8, PCI DSS, NIS2).

Cryptography & Encryption Policy [ISO 27001 A.10 · SOC 2 CC6.7]
Generate a Cryptography & Encryption Policy with approved algorithms, encryption at rest and in transit, key management lifecycle, TLS standards, and compliance mappings (ISO 27001 A.10, SOC 2 CC6.7, GDPR Art. 32, HIPAA, PCI DSS).

Secure SDLC Policy [SOC 2 CC8.1 · ISO 27001 A.8.25]
Generate a Secure Software Development Lifecycle (SDLC) Policy covering code review requirements, CI/CD security scanning, secrets management, environment separation, and deployment authorisation controls.

DORA ICT Risk Management Policy [DORA Art. 5–16 · Fintech]
Generate a DORA-compliant ICT Risk Management Policy covering identification, protection, detection, response, recovery, and resilience testing for financial entities and ICT third-party service providers.