Risks, mitigations, and decisions.

FirstNinety processes sensitive workplace context (probation status, manager dynamics, mental load) and uses an LLM for coaching. Both characteristics trigger an ICO DPIA requirement.

Data subjects: individual paying users. Data categories: name (optional), email, declared career context, free-text journal entries, AI conversation transcripts. Recipients: Anthropic (LLM), Supabase (storage), Resend (transactional email), PostHog (analytics). Retention: until the user deletes their account.

Documented in pre-launch consultations with three pilot users and the data controller. Findings folder maintained internally.

The processing is necessary to deliver role-aware coaching at all — generic LLM access without context does not constitute coaching. We minimise by never ingesting from employer systems, never storing real names of third parties, and never training models on user content.

• Re-identification of colleagues via narrative content.
• Inappropriate AI advice on legal or medical questions.
• Inappropriate retention beyond the user’s active use.

• Active onboarding prompt to anonymise third parties.
• Safety guardrails on Coach + Situation Room with fixed referral pathways for crisis, harassment, and discrimination topics.
• One-tap delete of all account data from Settings » Privacy.
• Row-level security on every user-owned table; service-role usage logged.

Reviewed and signed by the data controller (AkomzyAi Consulting Ltd) prior to public launch. Re-reviewed on each significant feature change.