Document Change Log
Version 1.0 - Effective 2026-07-08 - Change log
Template document: review by a qualified data-protection lawyer or DPO before commercial reliance. Not legal advice.
This page is the canonical record of changes to Amaigo's legal and compliance documents, including changes to our sub-processor list. See the Subprocessor Change Notification Policy for how we notify clients of sub-processor changes.
How versioning works
- Every document carries a version number and effective date in its header.
- Major versions (1.0 to 2.0) mark substantive legal changes: new obligations, changed commitments, new data flows.
- Minor versions (2.0 to 2.1) mark clarifications and corrections that do not change the legal substance.
- Prior versions are retained in our records and are available on request at [email protected].
- The
consentPolicyVersionrecorded against each lead references the version of the Consent Notice in force when consent was given.
Sub-processor changes
| Date | Change | Notice given |
|---|---|---|
| 2026-07-07 | Baseline list published (see Sub-processors) | n/a (initial publication) |
Document history
| Document | Version | Effective | Summary of changes |
|---|---|---|---|
| Privacy Policy | 2.0 | 2026-07-08 | Dual EU GDPR and UK GDPR coverage, per-purpose lawful-bases table, AI processing section, DPF plus SCC-fallback transfers, ICO and EU complaint routes, honest DPO statement. |
| Cookie Notice | 2.0 | 2026-07-08 | UK PECR and EU ePrivacy dual references, strictly-necessary exemption reasoning, every widget localStorage key listed with purpose and lifetime. |
| Data Processing Agreement | 2.0 | 2026-07-08 | Full Article 28(3)(a)-(h) rewrite: auto-incorporation, chapeau table, 30-day sub-processor notice with objection and pro-rata refund, 48-hour breach notice, audit clause, Annexes A-D including quantified TOMs and the UK Addendum. |
| Sub-processors | 2.0 | 2026-07-08 | Five-column register with data categories and transfer mechanisms, AI providers flagged with a no-training line, on-page notice and subscription regime. |
| Terms of Service | 2.0 | 2026-07-08 | Incorporation-by-reference framework with precedence clause, AI service terms including Article 50 disclosure duties, no-automated-rejection design commitment, change-notice process. Commercial terms unchanged. |
| Security Overview | 2.0 | 2026-07-08 | Named hosting map, key and secret management, honest certification roadmap, pointer to the pre-answered security questionnaire. |
| Data Retention Policy | 2.0 | 2026-07-08 | Per-record-type retention table including backups and browser storage, 90-180 day recommendation for non-engaged sensitive intake. |
| Data Subject Requests | 2.0 | 2026-07-08 | Dual timelines, controller-versus-processor routing table, real export and erasure endpoints, 5-business-day processor assistance commitment. |
| Breach Response | 2.0 | 2026-07-08 | Operational runbook with severity classes, forensics phase, 48-hour controller notification commitment, controller reminder table. |
| DPIA Template | 2.0 | 2026-07-08 | ICO screening block and a pre-filled AI-specific risk table with Whistle mitigations and the automated-decision-making design position. |
| Records of Processing (ROPA) | 2.0 | 2026-07-08 | Two pre-filled Article 30 records (processor and controller capacities) with a dual-jurisdiction note. |
| Consent Notice | 2.0 | 2026-07-08 | Rewritten to match the shipped widget exactly: tier 1 submission-as-consent card, tier 2 required checkbox with separate marketing opt-in, honest AI-disclosure description. |
| AI Transparency Notice | 1.0 | 2026-07-08 | New: AI disclosure under EU AI Act Article 50, redaction-first data flow, provider no-training terms, confidentiality and privilege positioning for law firms, ethics vetting map. |
| Acceptable Use Policy | 1.0 | 2026-07-08 | New: general and AI-specific prohibitions keeping deployments outside high-risk EU AI Act territory. |
| Service Level Agreement | 1.0 | 2026-07-08 | New: 99.5% monthly availability target, exclusions, single-tier 10% credit, chronic-failure termination right. |
| Subprocessor Change Notification Policy | 1.0 | 2026-07-08 | New: 30-day advance email notice, notice contents, objection procedure, emergency replacement rules. |
| Transfer Risk Assessment | 1.0 | 2026-07-08 | New: six-step EDPB template pre-filled for the AI sub-processor transfer with completion fields. |
| Security Questionnaire | 1.0 | 2026-07-08 | New: about 43 pre-answered due-diligence questions mapped to legal-ethics vendor vetting. |
| Client Onboarding SOP | 1.0 | 2026-07-08 | New: the eight-step compliance onboarding procedure mirroring the generated client pack. |
| All documents | 1.0 | 2026-07-01 | Initial GDPR-aligned template set published. |
This document is a GDPR-aligned template and must be reviewed by a qualified data-protection lawyer or DPO before commercial reliance. It is not legal advice.