Data Use

Last updated: February 1, 2026

Overview

Transparency about how we handle your data is fundamental to Compass. This page explains what data we collect, how it flows through our systems, and the controls you have over it. We designed Compass with a privacy-first approach — your data exists to serve you, not us.

What Data We Process

Product Content

PRDs, feature specs, user stories, and other documents you create within Compass. This content is processed by our AI to provide suggestions, analysis, and improvements.

Usage Analytics

Anonymized interaction data such as feature usage frequency, session duration, and navigation patterns. Used exclusively to improve the product experience.

Account Metadata

Basic account information including email, name, organization, and subscription details required to operate the Service.

Integration Data

Data synced from connected third-party tools (e.g., Jira, Linear, GitHub) when you explicitly enable integrations.

How Your Data Flows

1

Input

You create or import content into Compass. All data is encrypted in transit using TLS 1.3.

2

Processing

Content is processed by our AI systems in isolated environments. Each workspace's data is logically segregated — no cross-tenant data access is possible.

3

Storage

Data is stored encrypted at rest using AES-256. Stored in SOC 2 Type II certified data centers with geographic redundancy.

4

Output

AI-generated suggestions and outputs are delivered to you. We do not retain AI outputs beyond your active session unless you save them.

AI Model Training

We do not use your data to train AI models.

Your content, documents, and interactions are never used to train, fine-tune, or improve our foundational AI models. We use only anonymized, aggregated usage metrics to improve the product experience — never individual content.

Third-Party Sub-processors

We use a limited number of sub-processors to deliver the Service:

ProviderPurposeLocation
AWSCloud infrastructureUS, EU
StripePayment processingUS
PostHogProduct analyticsEU
ResendTransactional emailUS

Data Controls

You have full control over your data:

  • Export: Download all your data at any time in standard formats (JSON, Markdown)
  • Delete: Request complete deletion of your data, processed within 30 days
  • Retention: Configure custom data retention policies for your workspace
  • Integrations: Revoke third-party integration access at any time

Questions

For questions about how we handle your data, contact our Data Protection team at dpo@compass.pm.