Processing purpose
SPM processes customer data to ingest memory, structure context, retrieve relevant information, generate context packs, operate sharing, maintain audit evidence and administer the service.
Data Processing Addendum
Data processing approach for enterprise customers.
SPM's DPA model is built around tenant boundaries, documented processing purposes, subprocessors, retention controls, security measures and export/deletion workflows.
Updated May 18, 2026
Controller and processor roles
The customer is generally controller for its project memory and user data. SPM acts as processor for hosted services and as software provider for self-hosted/private deployments.
Security measures
Security measures include tenant scoping, role and scope checks, token controls, hash verification, audit trails, retention settings, legal holds and deployment-specific encryption controls.
Subprocessors
Hosted deployments may rely on infrastructure, object storage, email, billing and identity providers. Enterprise/private deployments can bind subprocessors to the customer-approved stack.
Return and deletion
SPM provides export, backup, deletion and legal-hold workflows so customers can manage return or deletion of project memory at contract end.