What we filled in
- Description of processing — what a Murmur platform such as UrbanStakes does, which data flows
- Legal bases — which GDPR grounds apply
- Technical and organisational measures — encryption, access, retention, pseudonymisation (see Trust Center)
- Risk inventory (generic part) — typical risks and mitigations built into the platform
- Provenance and categories of personal data — for standard deployments