Continuum – Data Protection Impact Assessment (template)
About this template
If you use Continuum to record information about people you manage in the EU or UK, you or your employer are likely the data controller for those notes and may need a Data Protection Impact Assessment (DPIA). This is pre-filled with how Continuum works; you fill in the parts about your own use. It is a starting point, not legal advice — check with your organisation's data-protection lead.
1. What the processing is
Pre-filled: a manager records provisional, opinion-framed beliefs and timestamped observations about people they manage, each belief carrying a confidence level, with optional signals the manager tags. Data is stored on the manager's device. It is never shared with the developer or reported upward.
You add: who you record (team size), your purpose, and how often.
2. Necessity and proportionality
- Lawful basis: employee consent is generally not valid (the employer–employee power imbalance means it is not freely given). Most controllers rely on legitimate interests — document the interest and why it outweighs the impact. (You complete.)
- Data minimisation: confirm you record only what is needed and exclude special-category data (health, religion, politics, union membership, sexual orientation). (You confirm.)
- Retention: how long you keep notes and when you delete them. (You state.)
- Data-subject rights: how you would respond to an access, correction, or deletion request. (You describe.)
3. Risks to the people recorded
Rate each for likelihood and severity:
- They are unaware the notes exist (transparency).
- A belief is inaccurate or unfair and influences a decision.
- Special-category data is recorded inadvertently.
- The device is lost or accessed by someone else.
4. Measures
Continuum provides today: opinion framing, confidence and revisability, local-only storage, no developer access, and no analytics or telemetry.
You should: minimise and exclude sensitive data, keep a retention habit, avoid sole-basis decisions, decide whether and how to be transparent with the people you record, and secure your device (passcode, disk encryption).
5. Outcome and sign-off
You complete: your assessment of residual risk, approval, and a review date.
Related
Last update
This privacy policy was last updated on June 8, 2026. It may change from time to time — be sure to consult the last update date.
Contact
If you have any questions or concerns, please contact us.