Terms & Conditions

1. Introduction

Welcome to Compass, a political intelligence platform operated by CL Corporate Affairs Consulting E.I., with its registered office at 1 avenue de l’Observatoire, 75006 Paris, France, registered in the French Business and Establishment Directory under number 902 992 189.

These Terms and Conditions govern your use of the Compass platform accessible at compass.cl.eu.com. By logging in and using the platform, you agree to be bound by these Terms. If you do not accept any of these provisions, you must stop using the platform.

2. Access and accounts

Access to Compass requires a user account created by an administrator. Accounts are personal and non-transferable. You are responsible for maintaining the confidentiality of your login credentials. You must notify the administrator immediately of any unauthorised use of your account.

The administrator reserves the right to deactivate any account at any time, without prior notice, in the event of a breach of these Terms or for any other legitimate reason.

3. Eligibility and access requests

Compass is intended for professionals across the full spectrum of the public affairs and institutional relations ecosystem, including in-house public affairs teams, consultancies, trade associations, think tanks, non-governmental organisations and any organisation whose activity involves engaging with policymakers.

Because Compass is built and operated by a working public affairs consultancy, access to the platform is granted in strict compliance with the ethical rules of the profession, and subject to compatibility with the professional engagements of CL Corporate Affairs Consulting and its clients. CL Corporate Affairs Consulting reserves the right to decline or revoke access where a potential conflict of interest is identified, at its sole discretion.

Account requests are reviewed on a case-by-case basis. Where a potential overlap with existing engagements exists, it will be discussed with the prospective user before access is granted or denied. Acceptance of an account does not create any obligation on CL Corporate Affairs Consulting to continue to provide access should a conflict of interest emerge during the course of the relationship.

4. Permitted use

Compass is an internal professional tool designed for public affairs practitioners. You agree to use the platform solely for lawful professional purposes related to legislative tracking, stakeholder mapping and engagement management within the framework of European Union public affairs.

The following are strictly prohibited:

• Any use of the platform for purposes unrelated to professional public affairs activities.
• Any attempt to gain unauthorised access to any part of the platform, the server, or any connected system.
• Any use of automated systems (bots, scrapers, etc.) to access the platform, except as explicitly provided by the platform itself.
• Sharing login credentials with third parties.
• Using the data accessed through Compass for purposes that would violate applicable data protection legislation.

5. Intellectual property

All content, code, design, logos and software constituting the Compass platform are the exclusive property of CL Corporate Affairs Consulting and are protected by French and international intellectual property laws. No reproduction, distribution or modification of any part of the platform is permitted without prior written consent.

Data entered by the user (notes, engagement logs, manual entries) remains the intellectual property of the user or their organisation. CL Corporate Affairs Consulting does not claim ownership of user-generated content.

6. Data and privacy

Use of the Compass platform is subject to our Privacy Policy, which explains how we collect, process and protect personal data.

The platform processes publicly available information about political stakeholders in compliance with the GDPR and in accordance with the sector-specific framework established by French public affairs professional associations in concertation with the CNIL.

7. Data processing roles and user responsibility

By using the Compass platform, the user acknowledges and accepts that they act as data controller within the meaning of Article 4(7) of the GDPR for all personal data they enter, import, modify or otherwise process within the platform. This includes, without limitation, stakeholder names, functions, positions, contact details, engagement records, notes and any other information relating to identified or identifiable natural persons.

The user is solely responsible for:

• Ensuring that their processing of personal data complies with the GDPR and any other applicable data protection legislation;
• Identifying and documenting the appropriate legal basis for each processing activity (e.g. legitimate interest, consent, legal obligation);
• Responding to any request from a data subject to exercise their rights (access, rectification, erasure, restriction, portability, objection);
• Ensuring the accuracy, relevance and proportionality of the data they enter.

CL Corporate Affairs Consulting, as operator of the Compass platform, acts exclusively as data processor within the meaning of Article 4(8) of the GDPR. CL provides the technical infrastructure, user authentication and access to the service. CL does not determine the purposes of processing stakeholder data entered by users and does not access, use or share such data for its own purposes.

These Terms and Conditions, together with the Privacy Policy, constitute the data processing agreement between the user (controller) and CL Corporate Affairs Consulting (processor) within the meaning of Article 28 of the GDPR.

8. Third-party data sources

Compass retrieves data from publicly accessible institutional sources (European Parliament, Council of the EU, European Commission, EU Transparency Register). This data is provided as-is and may be subject to change. CL Corporate Affairs Consulting does not guarantee the accuracy, completeness or timeliness of data retrieved from third-party sources.

9. AI-generated content and third-party services

Compass includes an AI layer that supports analytical tasks such as position classification, stakeholder analysis and strategic briefings. The platform uses locally hosted AI: Mistral models (developed by Mistral AI, France) served through the Ollama runtime on the Compass server within the European Union. In this setup, no data leaves the European infrastructure under the control of CL Corporate Affairs Consulting and no third party is involved.

External cloud AI providers — such as OpenAI (ChatGPT) or Anthropic (Claude) — are not currently integrated into Compass. Their integration is under consideration as a possible future addition, but no decision has been made at this stage. Should any such provider be added, it will appear in the platform settings as an explicit alternative to the local option, and activation will require a deliberate, affirmative choice by the user. No external AI provider will ever be activated without the user’s explicit selection.

User control. By using the Compass platform, you acknowledge that AI-assisted features are available through the local Mistral + Ollama setup, and that additional providers may be offered to you in the settings in the future. You remain in control of which AI provider, if any, processes your data. If you use only the local AI (the current default), no stakeholder data is transmitted to any third-party AI provider. If in the future you choose to activate an external AI provider, data related to stakeholders and legislative dossiers may at that point be transmitted to that provider via its commercial API, for the sole purpose of generating classifications, summaries and strategic briefings; this activation will always require your explicit selection and you may revert to local-only processing at any time.

Third-party provider obligations. Reputable commercial API providers contractually prohibit the use of customer data submitted via the paid API for model training, under their respective commercial terms of service. A more detailed description of the framework applicable to any future external AI provider (sub-processing, international transfers, Standard Contractual Clauses, provider documentation) is set out in Section 8 of the Privacy Policy.

AI-generated content — whether produced locally or (in the future) via a third-party provider — is provided for informational purposes only and should always be reviewed and validated by the user before being acted upon or shared externally. CL Corporate Affairs Consulting does not guarantee the accuracy, completeness or reliability of AI-generated outputs.

10. Limitation of liability

To the fullest extent permitted by law, CL Corporate Affairs Consulting disclaims all liability for any indirect, incidental, special, consequential or punitive damages arising out of or in connection with your use of the Compass platform, including any loss of data, reputation or business opportunity.

The platform is provided on an “as is” and “as available” basis. We do not warrant that the platform will be error-free, secure or uninterrupted.

11. Scope of our confidentiality commitment

CL Corporate Affairs Consulting contractually undertakes never to access, read, consult, analyse or otherwise use the content entered by users into the Compass platform for any purpose other than the technical operation and maintenance of the service. This commitment applies to all content, whether or not it is encrypted, and binds CL for the entire duration of the platform’s operation.

In terms of technical enforcement, this commitment operates on two distinct levels depending on the user’s configuration:

• By default (without end-to-end encryption): the content of stakeholder analyses, notes, engagement records, attributed positions and private comments is stored in a form that is technically readable by the server. The non-consultation of this content is guaranteed contractually, not technically.
• With end-to-end encryption activated: the fields listed in section 9.1 of the Privacy Policy are encrypted in the user’s browser before being stored. The server retains only a form of the data that cannot be decrypted by CL. For these specific fields, non-consultation is guaranteed both contractually and technically.

Metadata that remains unencrypted in either configuration. To preserve core platform functionality (search, alerting, enrichment), the following categories are stored without encryption and remain technically readable by the service, regardless of whether end-to-end encryption is activated: the list of dossiers a user tracks, institutional reference data drawn from public sources, timestamps, user identifiers, and functional metadata. These categories remain subject to the contractual non-consultation commitment stated above.

Narrowly defined exceptions — unencrypted data only. For data that is stored in unencrypted form on the server (whether by default configuration or because it falls outside the encryption scope described in section 9.1 of the Privacy Policy), CL may technically access and read that data in the following circumstances: (i) where required by a final and binding legal order issued by a competent authority; (ii) where strictly necessary to investigate a security incident or a substantiated breach of these Terms; or (iii) with the explicit prior authorisation of the user concerned. In case (ii), only the minimum data strictly necessary for the investigation will be accessed, and the user will be notified unless notification would compromise an ongoing investigation or a legal obligation. These three circumstances are exhaustive.

Encrypted fields — technical impossibility of access. For fields that have been encrypted with end-to-end encryption on the user’s account (as listed in section 9.1 of the Privacy Policy), CL Corporate Affairs Consulting, any third party gaining access to the servers, and any public authority seeking compelled disclosure are technically unable to read or decrypt the content, by virtue of the cryptographic design itself. The decryption key is derived from the user’s password inside their own browser and never leaves the user’s device; CL does not possess it and cannot produce it. This impossibility applies equally to the three circumstances described above: in the event of a legal order or security investigation, CL cannot retrieve the clear-text content of encrypted fields. The responsibility for the production of such data, should it become necessary for the user’s own purposes, rests exclusively with the user. This limitation is an assumed and deliberate consequence of the zero-knowledge design of the end-to-end encryption feature.

12. Confidentiality vis-à-vis third parties

All data accessible through the Compass platform, including stakeholder positions, engagement records and strategic analyses, is strictly confidential from the perspective of external third parties. Users must not disclose this information to any third party without the prior written consent of the data controller, except where required by law or where the information is already publicly available. The confidentiality commitments of CL Corporate Affairs Consulting as platform operator are separately governed by section 11 above.

13. Changes to these Terms

We reserve the right to modify these Terms and Conditions at any time. Changes will be published on this page with an updated date. Continued use of the platform following any modification constitutes acceptance of the revised Terms.

14. Governing law

These Terms and Conditions are governed by and construed in accordance with French law. Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Paris, France.

15. Contact

CL Corporate Affairs Consulting
1 avenue de l’Observatoire, 75006 Paris, France
Contact: cl.eu.com/contact