Compair acts as a context manager for teams, keeping shared context across repos, docs, and workflows so hidden conflicts surface before they become real problems, whether your team runs in the cloud, on-prem, or locally.
Interact to see a real workflow: Compair spots a mismatch between documents and shows the exact lines that triggered the alert.
Compair Desktop Beta
Sync
Document
Requirements overview
Scope covers markdown, docx, and PDF ingestion with passage-level anchors.
Exports are limited to CSV and JSON for v1; PDF audit packs are deferred.
Retention default: 30 days for document content.
Priority alerts trigger at score >= 0.85.
Digest view groups medium alerts by topic.
Scoring model
Signals include contradiction, version drift, and policy mismatch.
Priority alerts should surface within 2 seconds of sync.
Priority: >= 0.85
Digest: 0.60 - 0.84
Data retention policy
Default retention for uploaded documents is 30 days in managed environments.
Extensions beyond 90 days require security approval.
Metadata retained for 12 months.
Purge derived passages within 7 days of expiry.
Problem
Your team is constantly making new decisions.
Decisions get made in docs, meeting notes, and “final_v7” files. Compair tracks what changed, flags when two sources disagree, and notifies the people who are about to be impacted.
Sync files and folders across Cloud, Core, and Desktop.
Notifications alert users to new information with direct impact on their work.
References source the documents generating alerts.
Hands-on example
Explore how Compair surfaces connections & conflicts:
Project Atlas: release alignment
Problem
Requirements, enterprise requests, and security policies disagree on export formats and retention windows, creating a risky release decision.
Solution
Compair cross-references the specs, meeting notes, and security policy to surface the mismatches with evidence links so owners can resolve them fast.
Compair Notifications
High Score 0.99
Export format conflict for audit package
Target mandates PDF evidence packages and 24-month retention for enterprise/regulated workspaces. Peer overview explicitly states no PDF in v1 and marks PDF audit packages as a non-goal, allowing only CSV/JSON exports.
ExportEnterpriseCompliance
High Score 0.99
Retention policy mismatch for enterprise pilots
Target sets a 30-day default with no regulated-team override. Peer enterprise note requires 24-month retention for regulated teams, which is incompatible with 30-day (and even a 90-day extension).
RetentionSecurityEnterprise
Medium Score 0.84
Priority threshold definition discovered
Target relies on "priority alerts" and a publish gate but does not define thresholds or sourcing rules. Peer notifications doc defines concrete criteria for priority alerts (score >= 0.85) and digest handling, which should govern the target flow.
AlertsThresholdsCriteria
Files
Requirements overview
Project Atlas is a release-alignment workspace for teams shipping a coordinated update. This overview is a working snapshot of the v1 scope.
Scope
Ingest markdown, docx, and PDF with passage anchors
Surface conflicts and drift across docs and meeting notes
Export evidence packs as CSV or JSON (no PDF in v1)
Non-goals
Real-time integrations
Automated approvals
PDF audit packages
Open questions
Default retention for uploaded documents (proposal: 30 days)
Who owns alert threshold changes?
Notification requirements
Goal: reviewers should see high-confidence conflicts quickly without losing context.
User stories
As a reviewer, I want priority alerts when score >= 0.85.
As a lead, I want a digest view for medium alerts (0.60 - 0.84) grouped by topic.
As a contributor, I want each alert to cite at least two sources with snippets.
Acceptance criteria
Priority list updates within 2 seconds after a sync.
Alerts without two sources remain in digest until confirmed.
Integrations
Phased plan for v1 and v1.1.
Phase 1 (beta): Gmail import for notification context, inbound only.
Phase 2: Outlook import after pilot validation.
Phase 3: Discord channels for decision logs.
Notes
No real-time webhook processing in v1.
Polling hourly is acceptable for beta.
OAuth scopes should be read-only.
Product roadmap
Planning snapshot for Project Atlas. Dates are illustrative.
Q2
Desktop sync and offline review
CLI for batch uploads
Priority alert workflow polish
Q3
Enterprise pilot with audit evidence pack
Outlook integration (beta)
Admin reporting
Q4
Unified reporting and compliance exports
Workspace analytics and trend views
Dependencies: retention policy, export format decisions, and pilot feedback.
Positioning
Project Atlas is positioned as a release-alignment layer for teams whose documentation drifts between meetings, specs, and policies.
Primary audience: engineering managers and compliance leads who own cross-team sign-off.
Messaging guidance
Do say: "surface conflicts across many docs" and "show evidence with sources"
Do not say: "automatically resolves conflicts" or "guarantees compliance"
Kickoff notes (2024-09-12)
Attendees: Rina, Paolo, Mei, Jordan
Agenda: scope, roles, and first pilot timeline.
Notes
Goal is to reduce release review time by half.
Start with a single workspace and 2-3 teams.
Decide on alert threshold after initial dry run.
Action items
Rina: draft requirements overview
Paolo: outline desktop sync flow
Mei: gather pilot docs
Enterprise call (2024-09-20)
Client feedback focused on auditability.
Key requirements
Audit package must be PDF for external auditors.
Retention must be 24 months for regulated teams.
SSO required before broad rollout.
Open items
Confirm if CSV/JSON exports are acceptable interim.
Determine whether PDF export can ship after pilot.
Weekly sync (2024-10-03)
Status
Desktop sync prototype running in staging
Alert scoring tuning in progress
Decisions
Enterprise pilot will assume 24-month retention.
Add a digest view to reduce noise.
Blockers
Export format for audit package still unresolved.
Need clarity on retention exceptions.
Architecture
System sketch for Project Atlas.
Flow
Local sync agent indexes documents and sends deltas.
Ingestion service extracts passages and metadata.
Scoring service compares passages and emits alerts.
Calibration plan: run on 3 pilot workspaces and review false positives weekly.
API contracts
Draft endpoints for the Atlas service.
Endpoints
POST /documents (body: files, workspace_id)
POST /feedback (body: passage_id, tags, notes)
GET /alerts?view=priority|digest
Example response (alerts)
id: alert_123
score: 0.91
sources: [passage_7, passage_12]
Desktop sync
The sync agent watches local folders and sends deltas only.
Behavior
Compute checksums per file and store locally.
Batch updates every 30 seconds or on manual sync.
Retry with backoff on network failure.
Edge cases
Large PDFs should be chunked.
Renames should not duplicate documents.
OCR pipeline
Pipeline overview for scanned PDFs.
Steps
Detect image-only pages.
Run local OCR to markdown.
Preserve page anchors for evidence links.
Store OCR output alongside original file.
Quality note: keep original line breaks where possible.
CLI usage
Common commands for internal testing.
atlas sync ./docs
atlas alerts --priority
atlas alerts --digest
atlas publish --workspace pilot-01
Logs are stored under ~/.atlas/logs for debugging.
Publish flow
States: Draft -> Review -> Publish -> Archived.
Steps
Review priority alerts and resolve conflicts.
Mark alerts as accepted or dismissed with notes.
Publish the workspace snapshot.
Publishing should be blocked if unresolved high-severity alerts remain.
Data export
Export formats for v1.
Included
CSV summary of alerts
JSON with full evidence payload
Deferred
PDF export for audit packages (not in v1)
Open question: should CSV include snippets or only references?
Notification UI
Layout notes for the priority and digest views.
Priority view
Left: list of alerts with score and tags
Right: evidence snippets with source links
Digest view
Group by topic and show trend over time
Accessibility: keyboard navigation and focus outline required.
Data retention policy
Default retention for uploaded documents is 30 days in managed environments.
Exceptions
Extensions up to 90 days require security approval.
Metadata (hashes, timestamps) retained for 12 months.
Delete process: purge storage and derived passages within 7 days of expiry.
Logging policy
Do not store raw document content in logs.
Allowed
Document hashes and IDs
Error codes and timings
User and workspace identifiers
Debug exception: metadata-only logs may be elevated for 24 hours with approval.
Monitoring notes
Operational proposal for troubleshooting.
Telemetry
Store full request payloads for 7 days to aid debugging.
Track ingestion latency, queue depth, and failure rates.
Emit structured logs to the central aggregator.
This plan assumes payload logging is acceptable for the pilot.
Deployment
Managed
Single-tenant environments for pilots
Weekly release cadence
Self-managed
Container deployment on customer infra
Manual upgrade path with version pinning
Rollback: keep last two images and a configuration snapshot.
Test plan
Focus areas
Threshold boundaries (0.84 vs 0.85)
Large folder sync with 1k files
OCR accuracy on scanned PDFs
Test matrix
macOS and Windows agents
Managed and self-hosted configs
Bug triage
Severity guide
S1: data loss or incorrect export
S2: incorrect alert severity
S3: UI or performance issues
Process
Log in tracker with reproduction steps
Assign owner within 24 hours
Review S1 issues daily
Customer feedback summary
Themes from pilot interviews:
Alerts need clear evidence links and snippet context.
Teams want fewer meetings and faster sign-off.
Integration requests: Gmail and Slack are top asks.
Quote: "We need to know why an alert fired, not just that it did."
Enterprise requests
Enterprise pilot requirements gathered in October.
Must-haves
PDF audit exports for external review
24-month retention for regulated projects
SSO with audit trails
Nice-to-haves
Outlook integration
Admin export history
Onboarding checklist
Create workspace and invite reviewers.
Install desktop sync agent.
Add source folder and run first sync.
Review priority alerts together.
Support tip: always check sync status before triage.
FAQ (draft)
Q: Can we self-host?
A: Yes, a containerized core is available for limited pilots.
Q: Which integrations are live?
A: Gmail beta only; Outlook and Discord are planned.
Q: Do alerts link to sources?
A: Yes, each alert references at least two passages.
Risk register
R-01 Retention mismatch with enterprise requirements
Impact: high
Mitigation: align policy and update contracts.
R-02 Export format mismatch (PDF vs CSV/JSON)
Impact: high
Mitigation: decide audit package format before pilot.
R-03 Logging policy conflict with ops plan
Impact: medium
Mitigation: revise monitoring scope.
Decision log (2024-09-15)
Decision: v1 export formats are CSV and JSON only.
Rationale
Keep implementation small for pilot
PDF layout work is non-trivial
Owner: product and engineering.
Decision log (2024-10-05)
Decision: prioritize compliance and audit evidence for the enterprise pilot.
Notes
Review retention policy and export format
Schedule compliance review in October
Privacy summary
Data collected: document text, passage hashes, and alert metadata.
Retention
Document content retained according to policy (default 30 days).
Metadata retained for analytics up to 12 months.
Sharing
No data sold.
Subprocessors must follow residency requirements.
Compliance notes
Enterprise audit expectations from early pilots:
PDF evidence packages required for auditors.
Retention must be 24 months for regulated workspaces.
Access logs must be available on request.
These items should align with security and legal drafts.
Integration plan
Engineering plan for integration rollout.
Phase 1: Gmail inbound import (beta, read-only).
Phase 2: Outlook inbound import after pilot.
Phase 3: Discord channel summaries.
Gate criteria
Stable alert scoring
Permission and OAuth review completed
Problem
Policy drafts conflict with legal addendums and vendor disclosures on retention, logging, and EU residency, leaving compliance gaps.
Solution
Compair highlights where contracts and onboarding docs diverge from policy so compliance teams can close gaps before audits.
Compair Notifications
High Score 1.00
Logging policy conflict
Direct contradiction: plan proposes storing full request payloads for 7 days while the policy forbids storing raw payloads. Policy only allows metadata-only debug logging for up to 24 hours with approval, which is far more restrictive than the plan.
LoggingSecurityVendor
High Score 1.00
Retention requirement mismatch
Policy 90-day retention conflicts with customer 24-month and HIPAA 6-year requirements. Creates high compliance and contractual risk.
RetentionContractCompliance
High Score 0.93
Data residency gap for EU tenants
Direct contradiction: target requires EU-only hosting for EU locations while the DPA allows processing in both US and EU with SCCs. The target states these requirements are contractually binding for pilot sites, increasing impact if misaligned.
ResidencyEUContract
Files
Policy program overview
Northwind Health is consolidating security and compliance policies for the new data platform. This overview describes scope and ownership.
Scope includes data retention, logging, access control, and residency.
Owners
Compliance: Maya R.
Security: Eliot P.
Legal: Nadia C.
Next milestone: draft review with leadership in November.
Data retention policy
Policy statement: production data is retained for 90 days unless a legal hold is approved.
Retention tiers
Standard workspaces: 90 days
Regulated workspaces: exception only with written approval
Logs: 180 days of metadata only
Rationale: minimize exposure while meeting core operational needs.
Logging policy
Do not store raw payloads or customer document text in logs.
Allowed
Request IDs, timestamps, and hashes
Error codes and latency metrics
Debug window
Metadata-only debug logging may be enabled for up to 24 hours with approval.
Access control policy
Requirements
SSO and MFA for all staff access
Role-based access with least privilege
Vendor access is time-bound and audited
Break-glass access must be approved by security and documented within 24 hours.
Data residency policy
EU tenant data must remain in EU regions end-to-end (storage, processing, backups).
US regions may process US data only. Cross-region replication is not permitted.
Exceptions require a signed DPA addendum and explicit customer consent.
Incident response policy
Severity definitions and response windows.
Critical incidents
Notify customers within 24 hours.
Retain incident records for 24 months.
Response checklist
Contain and preserve evidence.
Notify legal and compliance.
Run a post-incident review within 10 business days.
Master services agreement (draft)
Hosting location
Services are provided from US-based infrastructure by default.
EU hosting is available upon request and may affect pricing.
Audit rights: annual audit notice with 30-day scheduling window.
Data processing addendum
Processors may operate in US and EU regions with SCCs for EU transfers.
Subprocessors must notify Northwind Health 30 days before changes.
Data will be processed only for the purposes defined in the MSA.
Retention addendum
For regulated workspaces, Northwind Health requires 24-month retention of customer content and related evidence.
This addendum supersedes the standard retention policy for covered workspaces.
Subprocessor list
Current subprocessors
Log aggregation: US-West
Email delivery: US-East
Analytics: EU-Central
Change notice required at least 30 days before adding a new subprocessor.
Regulatory map
HIPAA: retain audit evidence for 6 years.
GDPR: EU data must remain in EU regions unless SCCs are in place.
Implications
Retention policy must support longer regulated windows.
Residency controls must be enforceable at ingest and backup layers.
Audit checklist
Required evidence
Retention configuration screenshots
Log redaction proof
Residency control verification
Operational checks
Access review completed quarterly
Incident response drills within the last 12 months
Security risk assessment
Top risks
Retention mismatch between policy and contracts.
Vendor logging of payloads beyond policy.
EU residency gaps in onboarding defaults.
Mitigation: update policy language and enforce configuration gates.
Security architecture notes
Data flow
Ingestion applies redaction before storage.
Region selection is enforced at workspace creation.
Backups stay within the selected region.
Reminder: logging should not include raw payloads.
Monitoring plan
Operational proposal for debugging.
Telemetry approach
Store full request payloads for 7 days to reproduce issues.
Retain performance metrics for 12 months.
Alert on spikes in failed requests.
This plan assumes payload logging is acceptable for short windows.
Backup policy
Backups run nightly and retain for 120 days.
EU workloads stay in EU storage buckets; US workloads remain in US regions.
Restore tests are scheduled quarterly with documented results.
Service level targets
Availability target: 99.9 percent monthly uptime.
Response targets
P1 incidents: acknowledge within 15 minutes
P2 incidents: acknowledge within 1 hour
Maintenance windows require 7-day notice.
Policy review meeting (2024-10-07)
Attendees: Compliance, Security, Legal.
Discussion
Retention policy vs contract addendum
Logging policy vs monitoring plan
Residency expectations for EU tenants
Action items
Legal to confirm MSA hosting language
Ops to revise monitoring scope
Legal review (2024-10-15)
Summary
MSA currently defaults to US hosting.
DPA needs explicit SCC language.
Retention addendum must reference regulated workspaces only.
Next step: revise legal drafts and circulate for sign-off.
Decision log (2024-10-18)
Decision: internal retention policy set to 90 days for standard workspaces.
Rationale
Reduce data exposure
Align with current storage costs
Follow-up: determine exceptions for regulated teams.
Open questions
Should EU hosting be the default for all EU customer trials?
Can we prohibit payload logging in vendor contracts?
What is the approval workflow for retention exceptions?
Owners: compliance and security.
Vendor onboarding notes
Default region: US-East. EU region requires a separate request and lead time.
Vendor stores full request payloads for debugging up to 7 days.
Requested follow-ups
Clarify log retention beyond 7 days
Provide EU data handling documentation
Vendor security questionnaire
Logging
Full payload logging enabled for troubleshooting (7 days).
Log retention for metadata is 180 days.
Data residency
Primary storage in US with optional EU region.
Encryption at rest and in transit: supported.
Customer requirements summary
Regulated teams require:
24-month retention of audit evidence
PDF audit exports for external review
EU-only hosting for EU locations
These requirements are contractually binding for pilot sites.
Data flow notes
Ingestion -> processing -> storage -> reporting.
Controls
Redact sensitive fields before storage.
Apply residency tags at ingest and enforce on backups.
Log metadata only (no content).
Open issue: verify vendor logging behavior in EU region.
Validation plan
Tests
Retention expiration behavior at 90 days
Residency enforcement for EU tenants
Logging redaction verification
Artifacts: screenshots, logs, and config exports are required for audits.
Support FAQ
Q: Can we self-host?
A: Yes, for limited pilots with approved security review.
Q: How long is data retained?
A: Policy default is 90 days; regulated workspaces may be longer.
Q: Where is EU data stored?
A: EU region only, per policy.
Policy program roadmap
Phase 1: publish retention, logging, and access control policies.
Phase 2: finalize residency controls and vendor addendums.
Phase 3: run an external audit readiness review.
Target: complete Phase 1 by end of Q4.
Problem
Launch collateral, pricing docs, and security status statements are out of sync, creating mixed messages and risk.
Solution
Compair checks marketing, sales, and engineering artifacts together and flags claim mismatches before launch day.
Compair Notifications
High Score 0.95
Security claim mismatch
Direct contradiction: the target bans claiming SOC2 certification and real-time integrations pre-GA, while the landing page copy claims both. High risk of misleading customers and compliance issues if prohibited claims remain live.
SecurityComplianceMarketing
High Score 0.93
Pricing message conflict
Direct contradiction between the one-pager’s proposed free tier and the decision-log’s "no free tier" policy. High impact on pricing, billing, and go-to-market messaging if left unresolved.
PricingSalesLaunch
High Score 0.90
Integration availability mismatch
Target press release claims real-time integrations and Gmail/Outlook live at launch. Integration roadmap specifies only a Gmail beta (read-only, inbound) in Phase 1 and Outlook later.
IntegrationsLaunchMarketing
Files
Launch brief
Project Polaris launch targets mid-December for the first paid pilot.
Goals
Prove alert quality in real projects
Validate onboarding flow with 5 teams
Gather pricing feedback
Success signals: weekly active reviewers, low false-positive rate, and at least two enterprise leads.
GTM checklist
Pre-launch items
Finalize messaging and positioning
Approve pricing page content
Confirm support coverage and escalation path
Launch week
Publish release notes
Update website CTA
Notify pilot customers
Release notes
Project Polaris v0.9 highlights:
Desktop sync with offline review
Priority and digest notifications
Evidence snippets with source links
Limitations
Integrations are beta (Gmail only)
No real-time integrations in v0.9
PDF audit export not included
Feature matrix
Included
Passage-level alerts
Desktop sync agent
CLI batch upload
Planned
Outlook integration (beta)
Discord notifications
Audit exports
Not in this release
Real-time integrations
Advanced analytics dashboards
Press release draft
Draft headline: "Project Polaris launches with real-time integrations and instant conflict alerts."
Body draft mentions real-time Gmail and Outlook integrations at launch.
Needs review to ensure claims match release scope.
Landing page copy
Hero line draft: "Real-time integrations, SOC2-certified security, and instant alignment."
Supporting bullets mention Gmail, Outlook, and Discord live at launch.
This copy is a placeholder and has not been approved by security.
Email drip campaign
Sequence: welcome -> use case -> proof -> invite to demo.
Draft highlights "real-time integrations" and "audit-ready reports" in week two.
Check all claims against release notes before scheduling.
Sales one-pager
Value props
Reduce review time across large doc sets
Evidence-backed alerts for decision makers
Pricing note (draft)
Free tier for teams up to 10 users
Paid plans start after pilot
Pricing FAQ
Q: Is there a free tier?
A: No, there is a 14-day free trial only.
Q: What happens after the trial?
A: Per-seat pricing applies with annual or monthly options.
Q: Are integrations included?
A: Gmail beta included; others are planned.
Support FAQ
Top questions from onboarding calls:
How do I install the desktop agent?
Where do alerts show up?
What is the trial length?
Answer references: setup guide, release notes, and support email.
Onboarding guide
Step 1: create a workspace and invite a reviewer.
Step 2: install the desktop sync app and select a folder.
Step 3: run first sync and review priority alerts.
Step 4: publish a snapshot for the team.
If alerts look noisy, switch to the digest view first.
Release comms
Send to support on launch day.
Include
Release notes and limitations
Known issues and workaround steps
Escalation path for sync failures
Tone: transparent, clear on what is beta.
Security status
SOC2 readiness is in progress.
Gap assessment complete
External audit scheduled for next quarter
Do not claim certification until audit results are finalized.
Claims guidance
Do not state SOC2 certification or real-time integrations before GA.
Approved language
"SOC2 in progress"
"Integrations available in beta"
Marketing must route claims through legal review.
Integration roadmap
Phase 1: Gmail beta (read-only, inbound).
Phase 2: Outlook beta after reliability pass.
Phase 3: Discord summaries once alerts stabilize.
Real-time processing is not planned for v0.9.
Reliability notes
Targets
99.9 percent uptime for cloud alerts
Sync retry with exponential backoff
Alert fetch within 2 seconds
Open issue: batch size tuning for large workspaces.
Known limitations
Current release limits:
Gmail beta only; other integrations are not live.
No real-time integrations or webhooks.
PDF audit export not supported.
Document this in release notes and onboarding.
Launch sync (2024-11-01)
Decisions
Ship v0.9 to pilot customers only.
Keep pricing page in trial-only mode.
Action items
Update marketing copy with approved claims.
Support to prepare FAQs.
Sales sync (2024-11-08)
Discussion summary:
Sales wants a free tier to reduce friction.
Finance prefers a trial-only model.
Product wants a decision before launch.
Next step: schedule a pricing decision meeting.
Decision log (2024-11-10)
Decision: launch with a 14-day trial and no free tier.
Rationale
Simplify billing for the pilot
Avoid long-term free usage during beta
Launch risks
Marketing claims exceed release scope.
Pricing message inconsistency across docs.
Security status misrepresented.
Mitigation: update copy and enforce review gates before launch.
Beta feedback
Most requested items:
Outlook integration timeline
Clearer pricing explanation
Fewer noisy alerts in early runs
Positive note: evidence links were called "the best part".
API reference
Rate limits: 60 requests per minute.
Endpoints
POST /documents
POST /alerts
GET /alerts?view=priority|digest
Authentication uses API keys scoped to a workspace.
CLI guide
Example usage
polaris sync ./docs
polaris alerts --priority
polaris publish --workspace alpha
CLI output is JSON and can be piped to other tools.
Pricing page draft
Draft copy:
14-day free trial for all plans
Per-seat pricing after trial
Annual discount available
No free tier is listed in the current draft.
Usage limits
Starter plan
3 projects
1 integration (Gmail beta)
50k passages per month
Pro plan
Unlimited projects
Multiple integrations
Higher passage limits
Webinar outline
Agenda
Problem overview and demo workflow
Live review of a priority alert
Roadmap Q&A
Remind speakers to avoid SOC2 or real-time integration claims.
Objection handling
Q: Do you have a free tier?
A: No, we offer a 14-day trial.
Q: Are integrations real-time?
A: Not yet; Gmail is beta and others are planned.
Q: Are you SOC2 certified?
A: SOC2 is in progress.
Developer proof
Catch cross-repo drift before merge
Compair is strongest when it catches the kind of inconsistency that slips through code review because the affected contract, client, and docs live in different places.
A docs change mapped `activity` to `GET /activity_feed`, while the desktop client and Core backend still used `GET /get_activity_feed`.
That is exactly the sort of release-risking mismatch we want the CLI and CI gates to surface before it turns into a support issue or a broken rollout.
Example files
compair-cli/docs/api_mapping.md
compair_desktop/desktop/compair_desktop/api.py
compair_core/compair_core/api.py
Product suite
Choose the Compair that's right for your team.
Start in Cloud for the fastest path, self-host Core when you need tighter control, keep Desktop close to your files, or automate review workflows with the CLI.
Available
Compair Cloud
Hosted workspace for teams and individuals alike. The fastest way to get started and the strongest out-of-the-box experience.
