GDPR, DSA, NIS 2, AI Act, GPSR, DPO — plus a hosted trust hub. All handled through one engagement, with named representatives in every member state that needs one, and a single point of contact for every regulator. So you never face Brussels alone.
Most companies don't need every product. Privacy Center covers the public-facing surface; the representatives cover the legal obligations one regulation at a time. We'll show you the minimum viable stack for your shape.
The answers determine the minimum viable compliance setup for your company. We'll only include what the regulations actually require for your shape of business.
Hosted trust hub at privacy.yourdomain.com. Unified DSR inbox, versioned policies, sub-processor register, incident log.
Outsourced DPO for teams processing personal data at scale. Article 37–39 obligations, fully named and filed.
Article 27 coverage, named EU entity, DPA correspondence in 24 languages, ROPA builder.
Article 13 legal rep, notice-and-action endpoint, statement-of-reasons filings, transparency reporting.
Article 26 rep, 24 / 72 / 30-day incident reporting, risk management framework, board training.
Article 22 / 54 appointment, Annex IV technical file, conformity assessment, post-market monitoring.
Article 16 responsible person for consumer goods. Safety Gate monitoring, marketplace compliance, recall playbooks.
Each representative is a separate legal mandate. But they share one contact, one inbox, one archive. Regulators, auditors, and your team all work with the same address.
Your customer-facing trust hub. DSRs, policies, sub-processors.
GDPR · DSA · NIS 2 · AI Act · GPSR — one address, every mandate.
Your dedicated team. 24-language correspondence, audit-ready archive.
Privacy Center is your public-facing trust surface. Customers, auditors, and regulators all land on the same page — policies versioned, DSRs triaged, certifications on display.
The representatives are your legal backstop. One named EU entity carries every mandate. When a DPA, DSC, CSIRT, market-surveillance authority, or CNIL case officer writes in, the response comes from the same desk, in the right language, on deadline.
Our counsel team is what makes it feel like one product. You get one Slack channel, one monthly summary, one export for every audit.
GDPR Representative, Privacy Center, and the representation that fits your product — DSA, NIS 2, AI Act, or GPSR. One engagement, one invoice, one team.
Almost never. Most companies need Privacy Center + GDPR Representative as the baseline, then one additional product based on what they do: DSA if users post or trade on the platform, NIS 2 if they provide digital infrastructure, AI Act if they ship AI systems, GPSR if they sell consumer goods. Use the recommender above to see your minimum stack.
Yes. Privacy Center is free to start. GDPR Representative is usually the first paid add-on. You can add specialty representations when you trigger those regulations — typically on a launch or feature milestone.
One master service agreement covers every product. Each product has its own addendum for the specific legal mandate, but the MSA, liability caps, and termination clauses are identical across the stack.
We can run you alongside them for one billing cycle to make sure there's no continuity gap, then file the switch with your lead DPA. 30-day termination, no punitive clauses from us.
Our EU legal entity is the named representative on every appointment. You sign a one-page mandate per product. We handle the filings, the authority-facing address, and every inbound inquiry.
Law firms bill by the hour and don't become your named representative. We're your representative on record — a standing legal address, an inbox, a response protocol — plus we retain counsel for the adversarial moments. The hourly-billing model doesn't scale to continuous compliance.
30-minute discovery call. Your minimum viable stack mapped and priced. Representatives appointed in days, not quarters.