1. Introduction
Welcome to Compass, a political intelligence platform operated by CL Corporate Affairs Consulting E.I. (hereinafter “CL” or “CL Corporate Affairs Consulting”, used interchangeably throughout this document), with its registered office at 1 avenue de l’Observatoire, 75006 Paris, France, and a representation office at Avenue de Tervueren 103, B-1040 Brussels, Belgium. CL Corporate Affairs Consulting is registered in the French Business and Establishment Directory under number 902 992 189.
These Terms and Conditions govern your use of the Compass platform accessible at compass.eu.com. By logging in and using the platform, you agree to be bound by these Terms. If you do not accept any of these provisions, you must stop using the platform.
2. Access and accounts
Access to Compass requires a user account created by an administrator. Accounts are personal and non-transferable. You are responsible for maintaining the confidentiality of your login credentials. You must notify the administrator immediately of any unauthorised use of your account.
The administrator reserves the right to deactivate any account at any time, without prior notice, in the event of a breach of these Terms or for any other legitimate reason.
3. Eligibility and access requests
Compass is intended for professionals across the full spectrum of the public affairs and institutional relations ecosystem, including in-house public affairs teams, consultancies, trade associations, think tanks, non-governmental organisations and any organisation whose activity involves engaging with policymakers.
Because Compass is built and operated by a working public affairs consultancy, access to the platform is granted in strict compliance with the ethical rules of the profession, and subject to compatibility with the professional engagements of CL Corporate Affairs Consulting and its clients. CL Corporate Affairs Consulting reserves the right to decline or revoke access where a potential conflict of interest is identified, at its sole discretion.
Account requests are reviewed on a case-by-case basis. Where a potential overlap with existing engagements exists, it will be discussed with the prospective user before access is granted or denied. Acceptance of an account does not create any obligation on CL Corporate Affairs Consulting to continue to provide access should a conflict of interest emerge during the course of the relationship.
Beyond this contractual and ethical framework, the platform itself is designed to give each user a high degree of verifiable control over their own data. The optional end-to-end encryption described in section 10.1 of the Privacy Policy, and the strict opt-in policy applied to any AI processing described in section 9 of the same document, are the technical translation of the ethical commitments stated in this section: where a guarantee can be enforced by the platform itself rather than only by trust, we have chosen to enforce it by the platform itself.
4. Permitted use
Compass is an internal professional tool designed for public affairs practitioners. You agree to use the platform solely for lawful professional purposes related to legislative tracking, stakeholder mapping and engagement management within the framework of European Union public affairs.
The following are strictly prohibited:
- Any use of the platform for purposes unrelated to professional public affairs activities.
- Any attempt to gain unauthorised access to any part of the platform, the server, or any connected system.
- Any use of automated systems (bots, scrapers, etc.) to access the platform, except as explicitly provided by the platform itself.
- Sharing login credentials with third parties.
- Using the data accessed through Compass for purposes that would violate applicable data protection legislation.
5. Intellectual property
All content, code, design, logos and software constituting the Compass platform are the exclusive property of CL Corporate Affairs Consulting and are protected by French and international intellectual property laws. No reproduction, distribution or modification of any part of the platform is permitted without prior written consent.
Data entered by the user (notes, engagement logs, manual entries) remains the intellectual property of the user or their organisation. CL Corporate Affairs Consulting does not claim ownership of user-generated content.
6. Data and privacy
Use of the Compass platform is subject to our Privacy Policy, which explains how we collect, process and protect personal data.
The platform processes publicly available information about political stakeholders in compliance with the GDPR and in accordance with the sector-specific framework established by French public affairs professional associations in concertation with the CNIL.
7. Data processing roles and user responsibility
By using the Compass platform, the user acknowledges and accepts that they act as data controller within the meaning of Article 4(7) of the GDPR for all personal data they enter, import, modify or otherwise process within the platform. This includes, without limitation, stakeholder names, functions, positions, contact details, engagement records, notes and any other information relating to identified or identifiable natural persons.
The user is solely responsible for:
- Ensuring that their processing of personal data complies with the GDPR and any other applicable data protection legislation;
- Identifying and documenting the appropriate legal basis for each processing activity (e.g. legitimate interest, consent, legal obligation);
- Responding to any request from a data subject to exercise their rights (access, rectification, erasure, restriction, portability, objection);
- Ensuring the accuracy, relevance and proportionality of the data they enter.
CL Corporate Affairs Consulting, as operator of the Compass platform, acts exclusively as data processor within the meaning of Article 4(8) of the GDPR. CL provides the technical infrastructure, user authentication and access to the service. CL does not determine the purposes of processing stakeholder data entered by users and does not access, use or share such data for its own purposes.
These Terms and Conditions, together with the Privacy Policy, constitute the data processing agreement between the user (controller) and CL Corporate Affairs Consulting (processor) within the meaning of Article 28 of the GDPR.
8. Third-party data sources
Compass retrieves data from publicly accessible institutional sources (European Parliament, Council of the EU, European Commission, EU Transparency Register). This data is provided as-is and may be subject to change. CL Corporate Affairs Consulting does not guarantee the accuracy, completeness or timeliness of data retrieved from third-party sources.
9. AI-assisted content and third-party services
Compass includes an AI layer that supports analytical tasks such as position classification, stakeholder analysis and strategic briefings. The platform’s AI scope is deliberately restricted to Mistral, the European AI provider headquartered in Paris (France). No other third-party AI provider — neither OpenAI, nor Anthropic, nor any non-European model — is integrated into the platform, and none is contemplated for future integration.
The user chooses between two Mistral-based configurations:
- Option A — Ollama local: a Mistral model runs directly on the user’s own computer via the Ollama runtime, with no data leaving the user’s device for AI processing. The user is responsible for installing Ollama and configuring it (notably the
OLLAMA_ORIGINS=https://compass.eu.comenvironment variable that allows the Compass web interface to communicate with the local Ollama instance). - Option B — Mistral commercial API: AI requests are sent to
api.mistral.ai(EU infrastructure, France and Sweden). Under Mistral’s commercial API terms, customer data is not used for model training and is retained for 30 rolling days for abuse-monitoring purposes only, then deleted.
User control. By using the Compass platform, you acknowledge that AI-assisted features are not enabled by default and require a deliberate, explicit choice between Option A and Option B in Manage my account. You may at any time switch between options or disable AI entirely. The default state of every account is “no AI”.
User responsibility for setup (Option A). Where you activate Option A (Ollama local), the technical installation and configuration of Ollama on your device is your sole responsibility. CL Corporate Affairs Consulting provides guidance documents and best-practice recommendations but does not warrant compatibility with every operating system, hardware configuration or local network environment.
Third-party provider obligations (Option B). Where you activate Option B (Mistral API), data exchanged with the API is governed by Mistral’s commercial terms, including its Data Processing Addendum and applicable privacy policy, available at legal.mistral.ai/terms. You are invited to review those terms before activation. A more detailed description of the data-protection framework applicable to this configuration is set out in Section 9 of the Privacy Policy.
AI-generated content — whether produced locally (Option A) or via the Mistral API (Option B) — is provided for informational purposes only and should always be reviewed and validated by the user before being acted upon or shared externally. CL Corporate Affairs Consulting does not guarantee the accuracy, completeness or reliability of AI-generated outputs.
10. Limitation of liability
To the fullest extent permitted by law, CL Corporate Affairs Consulting disclaims all liability for any indirect, incidental, special, consequential or punitive damages arising out of or in connection with your use of the Compass platform, including any loss of data, reputation or business opportunity.
The platform is provided on an “as is” and “as available” basis. We do not warrant that the platform will be error-free, secure or uninterrupted.
11. Scope of our confidentiality commitment
CL Corporate Affairs Consulting contractually undertakes never to access, read, consult, analyse or otherwise use the content entered by users into the Compass platform for any purpose other than the technical operation and maintenance of the service. This commitment applies to all content, whether or not it is encrypted, and binds CL for the entire duration of the platform’s operation.
In terms of technical enforcement, this commitment operates on two distinct levels depending on the user’s configuration:
- By default (without end-to-end encryption): the content of stakeholder analyses, notes, engagement records, attributed positions and private comments is stored in a form that is technically readable by the server. The non-consultation of this content is guaranteed contractually, not technically.
- With end-to-end encryption activated: the fields listed in section 10.1 of the Privacy Policy are encrypted in the user’s browser before being stored. The server retains only a form of the data that cannot be decrypted by CL. For these specific fields, non-consultation is guaranteed both contractually and technically.
Metadata that remains unencrypted in either configuration. To preserve core platform functionality (search, alerting, enrichment), the following categories are stored without encryption and remain technically readable by the service, regardless of whether end-to-end encryption is activated: the list of dossiers a user tracks, institutional reference data drawn from public sources, timestamps, user identifiers, and functional metadata. These categories remain subject to the contractual non-consultation commitment stated above.
Narrowly defined exceptions — unencrypted data only. For data that is stored in unencrypted form on the server (whether by default configuration or because it falls outside the encryption scope described in section 10.1 of the Privacy Policy), CL may technically access and read that data in the following circumstances: (i) where required by a final and binding legal order issued by a competent authority; (ii) where strictly necessary to investigate a security incident or a substantiated breach of these Terms; or (iii) with the explicit prior authorisation of the user concerned. In case (ii), only the minimum data strictly necessary for the investigation will be accessed, and the user will be notified unless notification would compromise an ongoing investigation or a legal obligation. These three circumstances are exhaustive.
Encrypted fields — technical impossibility of access. For fields that have been encrypted with end-to-end encryption on the user’s account (as listed in section 10.1 of the Privacy Policy), CL Corporate Affairs Consulting, any third party gaining access to the servers, and any public authority seeking compelled disclosure are technically unable to read or decrypt the content, by virtue of the cryptographic design itself. The decryption key is derived from the user’s password inside their own browser and never leaves the user’s device; CL does not possess it and cannot produce it. This impossibility applies equally to the three circumstances described above: in the event of a legal order or security investigation, CL cannot retrieve the clear-text content of encrypted fields. The responsibility for the production of such data, should it become necessary for the user’s own purposes, rests exclusively with the user. This limitation is an assumed and deliberate consequence of the zero-knowledge design of the end-to-end encryption feature.
Why this matters beyond a separation of legal entities. CL Corporate Affairs Consulting operates both the Compass platform and a public-affairs consulting practice through a single legal entity. The architecture above is deliberately designed so that the strength of the confidentiality guarantee does not rest on a formal separation between those two activities (which a single-entity setup cannot, by definition, provide), but on a property of the system itself: when end-to-end encryption is active on an account, the encrypted content remains unreadable to CL regardless of which activity is being conducted at any given moment. A cryptographic guarantee enforced by mathematics is, in our view, more robust than a separation between corporate entities — which always rests, ultimately, on contractual undertakings and trust.
12. Confidentiality vis-à-vis third parties
All data accessible through the Compass platform, including stakeholder positions, engagement records and strategic analyses, is strictly confidential from the perspective of external third parties. Users must not disclose this information to any third party without the prior written consent of the data controller, except where required by law or where the information is already publicly available. The confidentiality commitments of CL Corporate Affairs Consulting as platform operator are separately governed by section 11 above.
13. Changes to these Terms
We reserve the right to modify these Terms and Conditions at any time. Changes will be published on this page with an updated date. Continued use of the platform following any modification constitutes acceptance of the revised Terms.
14. Governing law
These Terms and Conditions are governed by and construed in accordance with French law. Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Paris, France.
15. Contact
CL Corporate Affairs Consulting
1 avenue de l’Observatoire, 75006 Paris, France
Avenue de Tervueren 103, B-1040 Brussels, Belgium
Contact: cl.eu.com/contact