Creating Your First Policy

Last updated: December 18, 2025

This guide is designed to help new users create their first policy and understand how policies are used throughout the product.

What Is a Policy?

A policy is a set of rules that can be applied to a case. Policies define important constraints such as deadlines, extensions, and—most importantly—exemption rules used for redactions.

You can create as many policies as you like, and different cases can use different policies depending on jurisdiction, regulation, or internal practice.

Exemptions Are the Core of a Policy

The heart of every policy is its list of exemptions. Exemptions are used throughout the product any time you:

  • Make a redaction

  • Exempt a document or part of a document

If exemption reasons are required by your policy, users must select from this list whenever they redact information.

System Template: UK GDPR Policy

Every tenant starts with a UK GDPR system template policy.

  • This policy cannot be edited or deleted

  • It contains all allowed exemptions under the UK GDPR, along with ICO guidance for each one

Many customers choose to clone this policy and then:

  • Remove exemptions they do not use in practice

  • Rename exemptions for internal consistency

  • Add internal descriptions or guidance

Cloning the system template is often the fastest way to create a compliant, production-ready policy.

Displaying Exemption Reasons in Redactions (Optional)

Some customers choose to display the exemption reason directly inside each redaction for full transparency to the data subject.

If you enable this option, we recommend:

  • Using short exemption names or codes so they fit neatly inside redaction bars

  • Providing a legend in your cover letter to explain these codes

Example:

  • Full exemption name: Protection of the Rights of Others

  • Short code used in redactions: 3PD (Third-Party Data)

Step-by-Step: Creating Your First Policy

Step 1: Navigate to the Policies Page

  1. From the main navigation, click Policies.

  2. You’ll see a table listing existing policies.

Screenshot 2025-12-17 at 9.26.11 PM.png

Step 2: Create a New Policy

  1. Click New Policy.

  2. A modal titled “Create a new policy” will appear.

  3. Enter a Policy Name (required).

  4. Click Create Policy.

Step 3: Configure Policy Details

You’ll be taken directly to the policy detail page in edit mode.

Screenshot 2025-12-17 at 9.32.50 PM.png

Basic Information

  • Policy Name – Editable at any time

  • Acknowledgment Deadline (days) – Time allowed to acknowledge receipt of a request

  • Max Allowed Extensions – Maximum number of deadline extensions allowed

  • Jurisdiction – e.g. UK, EU, California

  • Response Deadline (days) – Required field

  • Extension Period (days) – Enabled only if Max Allowed Extensions ≥ 1

Hover over any info icon for additional context.

Step 4: Policy Options

Below the main fields are two optional toggles:

Screenshot 2025-12-17 at 9.33.48 PM.png

Require Exemption Reasons

When enabled, users must select an exemption reason for every redaction.

Display Exemptions in Redactions

  • Only available if Require Exemption Reasons is enabled

  • Displays the selected exemption directly inside redaction boxes in exported documents

Screenshot 2025-12-17 at 9.49.28 PM.png
A redacted document with "Display Exemption Reasons" turned on.

Step 5: Add Exemptions

If Require Exemption Reasons is enabled, an Exemptions section will appear.

Screenshot 2025-12-17 at 9.44.11 PM.png

Create an Exemption

  1. Click Add Exemption.

  2. Complete the following fields:

  • Exemption Name (required)

  • Category (optional)

  • Description – supports Markdown

  1. Click Create Exemption.

Manage Exemptions

  • View: Click a row to open details

  • Edit: Click the pencil icon in the drawer

  • Delete: Available while editing

If exemption reasons are required, you must create at least one exemption before saving the policy.

Step 6: Save Your Policy

Screenshot 2025-12-17 at 9.45.27 PM.png

  1. Click the checkmark (✓) button in the bottom-right corner.

  2. You’ll see a success confirmation.

  3. The policy will switch to view mode.

Step 7: Review and Manage

From view mode you can:

  • Click Edit to make changes

  • Delete the policy (if it’s not associated with any cases)

Helpful Tips

  • Clone before building: Cloning the UK GDPR system template is usually faster than starting from scratch

  • Keep exemptions practical: Only include exemptions your team actually uses

  • Use short names if displayed: Especially if exemption reasons appear in redactions

Troubleshooting

  • Can’t save the policy? Ensure required fields are filled

  • Extension Period disabled? Set Max Allowed Extensions to at least 1

  • Can’t display exemptions in redactions? Enable Require Exemption Reasons first

  • Error about exemptions? Add at least one exemption if they are required

You’re all set 🎉

Once created, your policy can be applied to cases to ensure consistent, compliant handling of data subject requests.