TrustReadinessEu
Privacy Policy Readiness
Prepare the minimum material needed for a public-facing privacy policy without pretending it is final legal copy.
Purpose
Prepare the minimum material needed for a public-facing privacy policy without pretending it is final legal copy.
Draft Inputs
| Area | Questions to answer before publication |
|---|---|
| Controller identity | Which legal person operates Prox OS at this stage? |
| Contact channel | Which email receives privacy and deletion/export requests? |
| Data categories | Account, profile, Space, app installation, source metadata, billing, logs, support messages. |
| Purposes | Account operation, product functionality, security, support, billing when live, analytics if enabled. |
| Processors | Hosting, database, analytics, payments, email, support, AI providers if used. |
| Retention | How long account, logs, billing, and support data are kept. |
| Transfers | Whether any data leaves the EU and under which vendor relationship. |
Stage Rules
- Founder Preview: keep the draft internal and avoid collecting sensitive data.
- Public Preview: collect waitlist and product-interest data minimally; do not imply broad hosted account, paid, or marketplace availability.
- Invite-only Beta: publish a plain-language Privacy Policy and request channel before hosted accounts or private Spaces collect durable user data.
- Paid SaaS: review legal basis, processors, retention, billing, and support flows.
- Marketplace: add app/creator data boundaries and third-party app responsibilities.
v0.1 Privacy Narrative Inputs
| Topic | Public wording posture |
|---|---|
| GDPR | Treat GDPR as a privacy-by-design source, not as a claim of completed compliance. |
| European data sovereignty | Emphasize user agency, exportability, deletion, auditability, and portable apps. |
| AI agents | State that real execution needs permission scopes, least privilege, manual confirmation, cost limits, audit logs, and revocation. |
| Analytics and error monitoring | Name actual tools only after implementation is confirmed; keep a future subprocessor checklist otherwise. |
| i18n | v0.1 is English-first to reduce early legal, support, and copywriting complexity, not English-only forever. |
Future Inputs Before Publication
- Controller identity and contact channel.
- Processor and subprocessor inventory.
- Analytics, error monitoring, email, payment, and AI provider posture.
- Cookie and tracking posture.
- Data retention matrix.
- Export and deletion request workflow.
- EU transfer and regional hosting notes.
- Security incident contact and escalation path.