Evidence pack — one ZIP for auditors and vendor questionnaires

Generate a timestamped, anchored bundle of your RoPA, subprocessors, DPAs, and policies to hand an inspector or attach to a security questionnaire.

An inspector, an enterprise customer's security team, or a vendor-risk questionnaire will often ask for proof of your compliance posture in one go. The evidence pack bundles what you have already built in miniterms into a single, timestamped ZIP file — no re-typing, no hunting through separate pages.

What's in the pack

Clicking Generate Evidence Pack on /dashboard/evidence-pack produces a ZIP containing:

  • Your business profile (legal entity, jurisdictions, contact details)
  • Your RoPA register (processing activities, Article 30 fields)
  • Your subprocessor roster and their attestations
  • Saved document drafts (Privacy Policy, Terms, Cookie Policy, DPA — each version as markdown)
  • Your live Cookie Policy, if one has been generated from a scan
  • Your DSAR request log
  • A manifest.json describing every file in the bundle and its hash
  • A summary PDF (evidence-pack.pdf) that ties the whole bundle together

Generating a pack

  1. Open Evidence pack in the sidebar.
  2. Click Generate Evidence Pack.
  3. The ZIP downloads automatically as miniterms-evidence-pack-<date>.zip.

Anchored and verifiable

When provenance is configured on your workspace, each pack is minted as a signed receipt over the bundle's hash. The evidence-pack page shows when the pack was last generated and a verify link to confirm the bundle's integrity at verify.dekimu.com. If signing isn't configured, the pack still generates — it just ships without the anchor.

When to use it

  • Responding to a customer's vendor-security questionnaire
  • Preparing for an internal or external audit
  • Giving your DPO or counsel a single artifact to review
  • Documenting your compliance posture at a point in time, for your own records

Limits

The pack reflects what you have entered into miniterms at generation time. It is not an independent audit and does not certify compliance — it is evidence of what you have documented, when you documented it, and that the bundle hasn't been altered since.