BUILD+SHIP·Compass
Book a call
PRIVACY

Privacy at Compass.

A short, plain-English explanation of what we collect, why we collect it, and how to ask us to delete it.

Last updated · May 2026

Who we are

Compass is operated by MarkD Limited, a company registered in England and Wales (No. 15909858), based in Birmingham, UK. We are the data controller for the personal information described on this page.

Questions or requests: mark@buildandship.com.

What we collect

Compass is built so that the smallest amount of personal data does the most useful work. We collect:

ACCOUNT
Your name, email, and workspace name when you create or join a workspace. Authentication is handled by Supabase Auth.
ASSESSMENT RESPONSES
Your answers to the Compass assessment items. These are scored to produce your personal manual and your team's report.
MANUAL + REPORT CONTENT
The derived working-style positions, archetype, manual text, and team-level analysis generated from your responses.
AI ADVISOR HISTORY
Messages you send to the AI advisor and its replies, stored per-thread so you can pick conversations up later.
OPERATIONAL LOGS
Anonymous request and error logs (timestamps, status codes, page paths) used to keep the service running. We don't run third-party analytics or trackers.

How we use it

We use the data above only to:

  • Generate your personal manual and the team Compass report.
  • Authenticate you and the members of your workspace.
  • Power the AI advisor — it reads your team's manuals to give grounded answers.
  • Keep the service running and debug issues.

We do not use your data to train any AI model, sell it to anyone, share it with advertisers, or use it for any purpose beyond running Compass for you.

Who can see your data

Workspace admins see the manuals and team report for their own workspace. Individual members see only their own manual. No-one outside your workspace can see your data.

The Compass team accesses customer data only when you ask us to (for example, to debug a problem you've reported).

Where your data is stored

Customer data lives in a managed Postgres database operated by Supabase, hosted in the EU region. Encryption is enabled at rest, and all traffic between your browser and our servers is over TLS.

AI advisor messages and team-report synthesis calls are sent to OpenAI using their API. OpenAI does not train on data submitted through their API and stores requests only for a short abuse-monitoring window.

How long we keep it

We keep your account and assessment data for as long as your workspace is active. When you close a workspace we delete all associated data within 30 days. AI advisor threads can be deleted individually at any time from the advisor sidebar.

Your rights (UK GDPR)

You can ask us to give you a copy of your data, correct anything that's wrong, delete your data, or restrict how we use it. Email us and we'll respond within 30 days. You also have the right to complain to the ICO if you think we've handled your data badly — though we'd really rather you talked to us first.

Cookies

We use one set of cookies, set by Supabase, to keep you signed in. We don't run any tracking or advertising cookies.