Three sections, one destination. DPIA review state per tenant, signed DPA repository with retention timers, and the binding platform commitments Kehitys ships in every contract.
Awaiting artifact or review.
Cleared for pre-launch.
2 unsigned · 1 expired.
Hard-coded by Kehitys, not tenant-controlled.
Bible §5 K7 — kanban-style queue. Approve and reject both require a reason field that lands in the audit log and on the DPIA record.
| Tenant | Status | Required | Reviewer | Last activity | Outcome notes |
|---|---|---|---|---|---|
| Publicis Sweden — Centenary 100 · Kehitys | Completed | Yes (Art. 9) | review@kehitys.se | 20 May 2026 | Allergy data (Art. 9) processed under explicit consent, retained 90 days post-event. Approved for pre-launch. |
| Ericsson — 150 Years · Kehitys | In progress | Yes (Art. 9) | — | Screening 22 May 2026 | Awaiting controller artifact — Ericsson legal drafting in parallel with their internal DPO. |
| Nordic Gala 2027 · Nordic Studio | Screening | No | — | — | — |
| Pressroom 2025 (retired) · Team Press | Completed | No | review@kehitys.se | 4 Jun 2025 | No Art. 9 data; not required. Artifact retained for 7-year audit window. |
Versioned. Retention timers tracked. Open a row to see the tenant detail panel; DPA renegotiation requires step-up + reason.
| Tenant | Document | Status | Signed by | Signed | Expires | Open |
|---|---|---|---|---|---|---|
| Publicis Sweden — Centenary 100 | DPA-2026.1 | Signed | Anna Sjölund · General Counsel | 19 May 2026 | 19 May 2028 | Tenant → |
| Ericsson — 150 Years | DPA-2026.1 | Unsigned | — | — | No expiry | Tenant → |
| Nordic Gala 2027 | DPA-2026.1 | Unsigned | — | — | No expiry | Tenant → |
| Pressroom 2025 (retired) | DPA-2024.2 | Expired | Karl Berg · CEO | 30 May 2025 | 30 May 2026 | Tenant → |
Hard-coded commitments shipped with every tenant contract. Not editable in this console — changes require a PRD update + platform DPIA re-review.
Kehitys will not aggregate, anonymise, or sell tenant guest data for any marketing, training, or third-party purpose.
GDPR Art. 5 purpose-limitation; commercial guardrail in PRD-B §customer-success.
Tenant isolation is enforced at the Postgres row level. Application bugs cannot leak across tenants.
Architecture §1 — RLS is the only isolation primitive.
No tenant content, RSVP response, or guest PII enters any model-training pipeline (Kehitys or vendor).
GDPR Art. 5 + customer-trust commitment.
All guest emails are sent on behalf of the tenant from the tenant's verified sending domain.
Eliminates impersonation risk and keeps the tenant in operational control.
Cookie banners are symmetric, optional consent is never pre-checked, and cancellation is single-confirm + restore.
EDPB, FTC Click-to-Cancel — UX bible §8.