Public posture. Gated detail. One place to find both.
Privacy, security, AI behaviour, and sub-processor disclosure for the PrimeTDAP platform — published in full. Deeper documentation for procurement, legal, and security review is shared on request under NDA.
Read these without asking.
The documents below are kept current and apply to every engagement on the platform.
-
Privacy Policy
Effective 2026-05-24How Primus collects, uses, shares, and protects personal data through the platform.
Read → -
Terms of Service
Effective 2026-05-24The terms that govern access to and use of the PrimeTDAP platform.
Read → -
AI Disclosure / Model Card
Effective 2026-05-24Which AI systems are in use, what data they process, how their behaviour is constrained, and how to opt out.
Read → -
Sub-Processor List
Effective 2026-05-24The third parties that process customer data on Primus's behalf via the platform.
Read → -
DPA Summary
Effective 2026-05-24Summary of our standard Data Processing Agreement. Full text on request.
Read →
Documents we share under NDA.
These cover the operational, architectural, and contract-template detail that's appropriate to share with named procurement / legal / security teams but not to publish openly.
- Request
Data Processing Agreement (full text)
The complete 18-section template that is countersigned as an addendum to the MSA. Suitable for legal review prior to a contracted engagement.
Emailed within 1 business day
- Request
Security & Compliance documentation pack
Information Security Policy, Access Control Policy, Encryption Standards, Incident Response Plan, BCP/DR Plan, Data Retention Policy, AI Use Policy, and supporting policies (21 documents in total).
Emailed within 2 business days, under NDA
- Request
Security Architecture Document
Full architectural detail of the platform — control planes, isolation boundaries, dependency diagram, threat model. Goes deeper than what's on the public Security & Compliance page.
Emailed within 2 business days, under NDA
- Request
Sub-Processor change notifications
Subscribe to receive 45-day prior-notice emails when our sub-processor list changes.
One-time confirmation email; ongoing notifications as changes occur
Already a customer? Active customers receive the doc pack automatically at engagement start and on every material update.
What we align to.
Posture is stated as aligned when controls are in place but no third-party audit has been completed, and as certified only after audit. Full posture detail is on Security & Compliance.
| Standard | Posture |
|---|---|
| OWASP Top 10 (2021) | Aligned |
| SOC 2 (TSC 2017) | Controls aligned |
| ISO 27001:2022 | Controls aligned |
| ISO 42001 (AI Management) | Partial — gap analysed |
| NIST AI Risk Management Framework | Aligned |
| EU AI Act | Classified per surface |
| NIST SP 800-61 Rev 2 | Aligned |
Where to send what.
Security incidents
Suspected unauthorized access, data exposure, anomalous AI behaviour, or any concern with platform security posture.
security@primussoft.comPrivacy & legal
Data Subject Access Requests, privacy questions, contract questions, sub-processor objections, AI compliance concerns.
legal@primussoft.comProcurement-ready documentation, on request.
If you're evaluating PrimeTDAP for a Counsel-directed engagement, the fastest path to the full posture is to request the doc pack — it arrives by email within two business days, under NDA.