Material enters
The organisation supplies a meeting manifest and the source material needed for each meeting, with scope agreed before upload.
This is where confidentiality, data handling and any sample boundaries are confirmed.
Trust
Data movement and supporting services.
Security and procurement teams need to understand how confidential source material enters Boardmate, where it is processed, and which services may support the workflow.
01 Ingest
The organisation uploads a CSV manifest and meeting source material into a scoped workspace.
02 Processing
Boardmate preflights matching, drafts minutes, coordinates review, and regenerates from accepted feedback.
03 External services
Subprocessor detail can name supporting services, their role, and the relevant data categories.
Data flow
A practical map of meeting material, drafts, review and output.
A security review should follow the minutes workflow: source material enters a scoped workspace, Boardmate drafts and coordinates review, accepted decisions shape regeneration, and outputs leave under agreed terms.
Before material moves Confirm the workspace, users, source types and reviewer access for the sample.
Review documents
Ask for current data-flow, retention, deletion, subprocessor and contract documents where needed.
Work happens
Boardmate checks source matching, generates drafts, coordinates reviewer feedback, records accepted decisions and prepares the export package.
Ask for current subprocessor and location detail against each part of this workflow.Material is exported, retained or deleted
Exports, actions, audit history, retained source material and deletion requests follow the agreed evaluation or customer terms.
The useful question is not only where data goes, but what must remain available for the final minutes file.High-level flow first
Start with a clear non-technical view of the workflow before procurement teams request deeper documents. Each data movement should map to a practical minutes action: upload, source checking, drafting, review, moderation, regeneration, export, retention, or deletion.
Input
Meeting manifest, source folder, board packs, transcripts or recordings, support notes, and separate reports where needed.
Working record
Draft minutes, reviewer comments, uploads, no-comment confirmations, accepted feedback, and chair instructions.
Output
DOCX, PDF, actions, audit history, downloads, retention, deletion, or carry-forward into a wider workspace.
Subprocessor detail is available when needed
Detailed subprocessor information can be confirmed during security review. The website identifies the questions a team can ask, while the current appendix supplies provider names, roles, data categories, locations, and contractual detail.
- Which services support upload, storage, generation, review, delivery, monitoring, and operations.
- Which data categories each service may process.
- What retention, deletion, support-access, and incident processes apply.
Sensitive content stays bounded
Data categories and movement can be explained without exposing customer-specific files or examples. IT and legal reviewers can confirm how confidential source material will be scoped before a real sample is uploaded.
External services
Subprocessor detail can name supporting services, their role, and the relevant data categories.
Common questions
Security questions teams ask.
Should confidential material be uploaded before security review is complete?
No. Real board packs, transcripts, recordings, draft minutes, and support files should wait until confidentiality and data-handling terms are agreed.
What can reviewers see through private links?
Reviewers see the draft and permitted support material for their review task. Workspace users keep control of source material, decisions, regeneration, export, and deletion requests.
What security detail can procurement request?
Teams can request current detail on data flow, subprocessors, access control, retention, deletion, support access, residency questions, and contract terms.