Skip to content
Last updated: 2026-04-02
Guide

Documents & Records

The Documents section is your repository for privacy documentation, compliance evidence, and processing activities that form the foundation of your compliance program.

Document Types

Processing Activities

Document all ways you process personal data:

  • Name — What do you call this processing?
  • Legal Basis — GDPR/CCPA basis (contract, consent, legitimate interest, etc.)
  • Data Types — What data is involved (email, phone, purchase history, etc.)
  • Processors — Who processes this data (internal teams, third-party vendors)
  • Retention — How long you keep the data
  • Description — Plain language explanation

Manage processing activities →

Privacy Policy

Your legal privacy disclosure document.

  • Accessible at /privacy on your website
  • Linked from Transparency Center
  • Updated when processing activities change

Manage privacy policy →

Evidence of customer consent:

  • When consent was granted/withdrawn
  • What consent was granted for
  • How it was obtained (checkbox, opt-in, etc.)
  • Proof (email receipt, timestamp, etc.)

View consent records →

Data Handling Procedures

How your team processes data requests:

  • DSRR intake procedure
  • Data retrieval workflow
  • Deletion process
  • Audit procedures

Create procedure →

DPIA & Impact Assessments

Data Protection Impact Assessments for high-risk processing.

  • Risk analysis
  • Compliance evaluation
  • Mitigations
  • Necessity determination

Create DPIA →

Audit & Inspection Records

Evidence of audits and regulatory inspections:

  • Audit reports
  • Inspection findings
  • Corrective actions
  • Follow-up verification

Manage audit records →

Creating Documents

Step 1: Choose Document Type

Select what you're creating:

  • Processing Activity
  • Privacy Policy
  • Procedure
  • Assessment
  • Other

Step 2: Add Content

Use the document editor to structure your content with title, description, sections, subsections, tables, lists, links, and file attachments. All documents support version control to track changes over time.

Step 3: Review & Approve

Route documents for legal review and obtain sign-off from your Privacy Officer. Track approval history and maintain complete version records for audit purposes.

Step 4: Publish

  • Make effective immediately
  • Or schedule for future date
  • Automatically update Transparency Center
  • Archive previous versions

Managing Documents

Version Control

Every document has version history:

  • View all versions
  • See who made changes
  • Compare versions side-by-side
  • Revert to previous version if needed

Sharing

Share documents with:

  • Team members (internal)
  • Auditors (with access controls)
  • Regulators (in response to inquiries)
  • Customers (via Transparency Center)

Export

Export documents as:

  • PDF (for printing/sharing)
  • Word (.docx) (for editing)
  • Text (.txt) (for archival)
  • ZIP (for bulk export)

Linked Documents

Documents can reference each other:

  • Processing Activity links to Privacy Policy
  • DPIA references specific activity
  • Procedure references processing activity
  • Audit record references findings

Create links to maintain documentation relationships.

Compliance Calendar

Documents are tied to deadlines:

  • Processing activity review (annual)
  • Privacy policy updates (quarterly)
  • DPIA reviews (for high-risk activities)
  • Audit scheduling (annual)

View calendar in Compliance section.

Search & Organization

Full-Text Search

Search across all documents:

  • Find processing activity by name
  • Search for specific data type or processor
  • Look for documents mentioning "cookies"
  • Find documents by owner or approval status

Tags & Categories

Organize documents by:

  • Category — Type of document
  • Regulation — GDPR, CCPA, PIPEDA, etc.
  • Owner — Who maintains it
  • Status — Draft, Under Review, Approved, Archived

Filters

Filter documents by:

  • Type
  • Status
  • Regulation
  • Owner
  • Last Updated

Audit Trail

Every document change is logged:

  • Who created the document
  • When changes were made
  • What changed (document diff)
  • Who approved/published
  • When it was archived

Export audit trail for regulatory inspections.

Best Practices

  1. Keep Current — Update documents when practices change
  2. Be Specific — Generic descriptions are unhelpful
  3. Link Documents — Show relationships between activities
  4. Get Approvals — Route for legal review
  5. Archive Old Versions — Maintain history but keep current clear
  6. Regular Audits — Review annually or when practices change

Not legal advice

AI-generated content does not constitute legal advice. Consult a qualified legal professional for advice specific to your jurisdiction and business context.