| Type | Paper | Version | Status | Updated |
|---|---|---|---|---|
| Legal | The baseline contract for AI Governance & Tech-Xecutive engagements. Plain English where possible; defined terms where it matters. | 1.0 | Public | |
| Legal | The delivery and acceptance terms for Professional Services — review periods, sign-off, and how Deliverables are accepted. Forms part of the Master Services Agreement. | 1.0 | Public | |
| Legal | Privacy & data processing notice. How Underfold handles personal data — yours, your team's, and any data exchanged during an engagement. UK GDPR aligned. | 0.1 | Draft, in review | 28 Apr |
| Ethics | The Underfold AI Charter. What I will and won't use AI for — across research, client work, communications, and this website. Specific. Updated when practice changes. | 0.1 | Draft, in review | 02 May |
| Legal | Data Processing Addendum (DPA). Attaches to the MSA when an engagement involves processing personal data on your behalf. Sub-processor list included. | 0.1 | Draft, in review | 28 Apr |
| Operational | Information Security Policy. How client information is stored, accessed, and disposed of. Endpoint posture, key management, incident response. Audited to ISO 27001 controls. | 0.1 | Draft, in review | 14 Mar |
| Operational | Acceptable AI Use Policy. The five-rule policy I use myself and recommend as a starting point for clients. Practical, short, written for staff not lawyers. | 0.1 | Draft, in review | 20 Mar |
| Operational | ISO/IEC 42001 Statement of Applicability. Underfold's own SoA — the control mapping that comes from running ISO 42001 against my own practice. Eating our own dog food. | 0.1 | Draft, in review | 14 May |
| Legal | Mutual non-disclosure agreement (NDA). Standard mutual NDA template. Available on request — usually only relevant before a discovery call where sensitive specifics will be shared. | 0.1 | Draft, in review | 10 Feb |
I run Underfold under the same principles I help clients adopt — and that means the contracts, policies, and AI charter I work to are visible before you sign anything. Read them, mark them up, send back questions.
Each paper has a version number, a last-updated date, and a publicly readable changelog. Material changes are announced on Substack with a short explanation of what changed and why. The AI Charter is the document most likely to evolve as the practice evolves. The MSA and DPA change rarely — and never retrospectively for an active engagement.