Boardmate
Book a demo
Glass office door with lock representing controlled access.

Trust

Security and confidentiality for formal minutes work.

Boardmate gives teams a practical overview of private workspaces, reviewer access, data flow, retention, and security review.

Book a demonstration See Boardmate Lite
01 Access

Named users and limited reviewer links separate workspace control from external review tasks.

02 Audit

Comments, uploads, confirmations, chair decisions, regenerations, exports, and downloads are recorded.

03 Data flow

Source material, generated drafts, reviewer activity, and outputs can be explained for security review.

Security

Security review starts with the actual minutes workflow.

The first review should map who can upload material, who can read a draft, how reviewer comments are controlled, what the audit trail records, and how retention or deletion will work.

Before material moves Confirm the workspace, users, source types and reviewer access for the sample.
Review documents

Ask for current data-flow, retention, deletion, subprocessor and contract documents where needed.

Named access

Authorised users manage source material, draft minutes, comment decisions, exports and deletion requests.

Limited review

External reviewers can receive scoped access to the draft they need to read, comment on or confirm.

Audit trail

Reviewer activity, uploads, confirmations, decisions, regenerations, exports and downloads are recorded.

Review pack

Data flow, subprocessors, retention, deletion, location and contract detail can be requested before upload.

01

Before upload

Agree which workspaces, users, source files, reviewer groups, subprocessors, retention periods and deletion steps are in scope.

The public site gives the shape. Current documents should confirm the live controls.
02

During review

Private links, opens, selected-passage comments, uploads, no-comment confirmations, revocations and chair decisions stay attached to the meeting record.

This is the practical security difference from email trails and loose Word attachments.
03

After approval

DOCX, PDF, actions where available, audit history and any retention or deletion steps can be handled under the agreed evaluation or customer terms.

Use the review to decide what must be kept, exported, deleted or carried into Full.

Trust detail

Private workspaces, revocable links, audit history, and security review detail.

Ask for security detail Read data flow
Workspace
Private

Named users, scoped reviewer access, and controlled source material.

Review links
Revocable

Limited access for comments, uploads, confirmations, and expiry.

Record
Audited

Opens, comments, decisions, regenerations, exports, and downloads stay visible.

Procurement
Documented

Data-flow, retention, and subprocessor detail can support security review.

Security categories

The security review conversation has a clear structure.

Private workspace

A logically separated workspace for named users, meetings, source files, drafts, and records.

Private reviewer links

Unique review links scoped to a draft, with comments private to the chair or board support lead.

Audit trail

Links issued, opens, comments, decisions, regenerations, exports, and downloads recorded against the meeting.

Subprocessors documented

A short data-flow brief can name external services, what they see, where they sit, and for how long.

Retention and deletion

Source files, drafts, and final records follow documented retention and deletion controls.

Data residency review

Residency requirements can be confirmed before confidential evaluation material is loaded.

Security detail tied to the workflow

Security review starts with the controls a careful team expects to inspect: access, source material, reviewer links, audit trail, retention, deletion, data flow, and subprocessors. Boardmate keeps the website practical and supplies current detail when the conversation needs it.

Overview

Explains the workflow and review categories.

Security pack

Supplies current technical and contractual detail for procurement.

Before upload

Real confidential material waits until data-handling terms are agreed.

Reviewer links are controlled

Private review access is recipient-specific where possible, revocable, expiring, and auditable. A reviewer can read a draft, comment on a passage, upload support, or confirm no comments without becoming a full workspace user.

  • Workspace users manage source material, decisions, regeneration, export, and audit history.
  • Reviewers receive scoped access for the relevant draft and permitted actions.
  • Revocation, expiry, and activity history support a controlled review close.

Security detail on request

Security, data flow, infrastructure, retention, deletion, residency, incident, and subprocessor details can be documented for procurement conversations. Request the current detail before confidential evaluation material moves.

Data flow

Source material, generated drafts, reviewer activity, and outputs can be explained for security review.

Common questions

Security questions teams ask.

Should confidential material be uploaded before security review is complete?

No. Real board packs, transcripts, recordings, draft minutes, and support files should wait until confidentiality and data-handling terms are agreed.

What can reviewers see through private links?

Reviewers see the draft and permitted support material for their review task. Workspace users keep control of source material, decisions, regeneration, export, and deletion requests.

What security detail can procurement request?

Teams can request current detail on data flow, subprocessors, access control, retention, deletion, support access, residency questions, and contract terms.

Next useful pages

Related trust and company pages.

Data flow and subprocessorsAccess control and reviewer linksGuide to secure minute workflows