Data Privacy Documentation Requirements: A Complete 2026 Guide

Introduction

Privacy documentation isn't a box to check. It's the foundation that proves you respect customer data and comply with regulations. In 2026, regulators worldwide are enforcing privacy laws more aggressively than ever—and documentation is your best defense.

Whether you're a startup, small business, creator platform, or enterprise, data privacy documentation requirements have become non-negotiable. The regulatory landscape has shifted dramatically. GDPR enforcement continues strengthening. The CPRA is now in full effect across California. Over 15 U.S. states have comprehensive privacy laws. Meanwhile, the EU AI Act and emerging regulations in Asia-Pacific regions are creating new documentation obligations.

This guide breaks down everything you need to know about data privacy documentation requirements in simple, actionable terms. You'll learn what documentation you actually need, which regulations apply to your situation, and how to build a sustainable documentation program without overwhelming your team.

Why does this matter for creators and marketing platforms? Tools like influencer contract templates need to address privacy because they handle sensitive data—creator information, brand data, payment details, and performance metrics. Getting documentation right protects everyone involved.

What is Data Privacy Documentation Requirements?

Data privacy documentation requirements are the records, policies, and evidence you must create and maintain to demonstrate that your organization handles personal data responsibly and complies with applicable privacy laws. Think of it as creating a paper trail that proves you're protecting people's information.

Documentation includes privacy policies that explain what data you collect, data processing agreements with vendors who touch your data, records showing how you process information, and consent forms proving people agreed to your practices. It also covers breach notifications, impact assessments, and audit logs.

Here's the key insight: Documentation isn't compliance itself—it's evidence of compliance. A privacy policy doesn't make you compliant; it communicates your practices and creates accountability.

In 2026, regulators view documentation as the minimum standard. Without it, you can't prove you've done due diligence, which means fines increase and trust disappears.

Most organizations think about documentation only to avoid fines. That's understandable but shortsighted.

Strong documentation builds trust. According to a 2025 Pew Research study, 81% of consumers say they care about data privacy practices. When you can transparently show how you handle data, customers feel safer doing business with you.

Documentation improves operations. When you map your data flows and document processing activities, you find inefficiencies. You discover unnecessary data collection, identify vendor risks, and streamline workflows. This actually saves money.

It reduces liability. Courts and regulators care about intent and reasonable effort. If a breach happens and you can show documented security measures, regular audits, and incident response procedures, your legal exposure shrinks dramatically.

Regulators respect documented diligence. According to 2025 ICO enforcement data, organizations with comprehensive documentation receive lighter penalties when violations occur. An organization that can show thoughtful privacy impact assessments and risk mitigation strategies fares far better than one with no documentation at all.

It's essential for partnerships. Brands using campaign management tools expect their partners to have privacy documentation. Investors, acquirers, and business partners now require privacy audit readiness. Without documentation, you lose opportunities.

The 2026 Regulatory Landscape: What You Need to Know

The privacy regulatory environment has fundamentally changed since 2023.

GDPR enforcement is intensifying. The EU added new requirements around AI processing and the "right to explanation." Organizations now must document how AI systems make decisions affecting people. In 2025 alone, GDPR fines exceeded €2.2 billion across enforcement actions.

CPRA enforcement is now live. California's California Privacy Rights Act fully activated in 2024. It's stricter than the CCPA it replaced. Organizations must now document consumer rights response procedures, financial incentive programs, and opt-out mechanisms with precision.

Over 15 U.S. states now have comprehensive privacy laws. Companies operating nationally can't ignore this patchwork. You need documentation that addresses Virginia, Colorado, Connecticut, Utah, Montana, Delaware, Oregon, and newer laws constantly being adopted.

The EU AI Act is reshaping documentation requirements. If you use AI for decision-making, profiling, or automated systems, you now need AI-specific impact assessments. This wasn't standard documentation three years ago.

International regulations are expanding rapidly. The UK PDPA, Singapore PDPA, Australia Privacy Act, and India's Digital Personal Data Protection Act (implemented 2024) all have documentation requirements. For global organizations, cross-regulatory compliance documentation is now essential.

Sector-specific regulations intensify. Healthcare (HIPAA), finance (GLBA), education (FERPA), and credit reporting (FCRA) all have evolved documentation requirements that intersect with general privacy laws.

The bottom line: data privacy documentation requirements are no longer optional compliance theater—they're fundamental business infrastructure.

Core Privacy Documentation Types Every Organization Needs

Privacy Policies and Notices

Your privacy policy is often the first touchpoint between your organization and people's concerns. In 2026, regulators expect privacy policies to be genuinely readable, not just legally bulletproof.

Plain language is now enforced. The FTC specifically targets policies that use confusing language or bury important information. Your policy should explain data practices in straightforward terms someone can actually understand.

Layered privacy notices work best. Start with a brief privacy overview (5-10 key points). Then provide detailed sections covering data collection, usage, sharing, retention, and user rights. This approach works on mobile, accessibility standards improve, and users actually read it.

Cookie and tracking notices are separate. With cookie laws and consent requirements, you need a dedicated cookie notice explaining what tracking occurs and how to opt out. It must be easy to manage preferences.

For creators using media kit creator tools, privacy notices should explain what metrics are tracked, how analytics work, and what happens to historical data. For brands running campaigns, notice should cover how campaign data is processed.

Industry-specific policies matter. A SaaS platform needs different privacy documentation than a healthcare provider or fintech company. Use templates as starting points, but customize them for your actual data practices.

Data Processing Agreements (DPAs)

Here's a common problem: You work with a payment processor, analytics platform, or email service. Those vendors access customer data. You need written agreements covering exactly what they can do with that data.

DPAs are legally required when vendors process data on your behalf. If you use Stripe for payments, you need a DPA covering payment data handling. If you use Google Analytics, you need DPA language protecting user data.

Essential DPA clauses include: - Clear definition of what data the vendor processes - Permitted uses (processing only as you instruct) - Sub-processor restrictions (they can't pass data to other vendors without approval) - Security requirements and audit rights - Data subject rights support (helping you respond to deletion requests) - Data breach notification procedures - Termination and data deletion procedures

DPA templates exist for common vendors. Most major platforms (Stripe, Shopify, HubSpot) have pre-negotiated DPAs available. Don't reinvent the wheel—use their standard agreements as your starting point.

For platforms like payment processing tools, managing DPAs becomes critical as you scale. You need a centralized repository tracking every vendor agreement, version history, and renewal dates.

Privacy Impact Assessments (PIAs)

A Privacy Impact Assessment (sometimes called DPIA or Data Protection Impact Assessment) is a formal evaluation of processing activities that might create privacy risks.

When are PIAs required? Mandatory in EU (GDPR) for high-risk processing. Increasingly required in California (CPRA) and other states for automated decision-making, profiling, and sensitive data. Best practice everywhere.

High-risk processing triggers PIAs: - Automated decision-making or profiling (deciding eligibility, creditworthiness, preferences) - Large-scale processing of sensitive data (health, biometrics, financial) - AI/machine learning systems that could affect people - Data sharing with third parties - Matching or combining data from different sources - Processing children's data

A PIA documents: - What data you process and why - Legitimate business purpose - Who has access and what they do - Technical and organizational safeguards - Risks to individuals' rights and freedoms - Mitigation measures you'll implement

AI/ML PIAs are now standard. If you use AI for recommendations, content moderation, performance predictions, or any automated decision, you need AI-specific impact assessment documentation. This includes bias testing procedures, explainability measures, and human review processes.

How to Implement Data Privacy Documentation Requirements: Step-by-Step

Step 1: Conduct a Data Inventory and Mapping Exercise

Start here. You can't document what you don't understand.

Map your data flows: What personal data does your organization collect? Where does it come from (directly from people, third-party sources, data brokers)? Where does it go? Who has access? How long do you keep it?

Create a simple spreadsheet or use privacy documentation tools to catalog: - Data types collected (names, emails, phone numbers, behavior data, financial information, location) - Collection methods (forms, cookies, integrations, uploads) - Processing purposes (service delivery, marketing, analytics, legal obligation) - Recipients (internal teams, vendors, partners, regulators) - Storage and security measures - Retention periods

This exercise often reveals surprising things—unnecessary data collection, unauthorized access, retention that went too long.

Step 2: Identify Applicable Regulations

Not every privacy law applies to you. Your obligations depend on location, industry, and who you process data about.

Start with these questions: - Where do your customers live? (GDPR applies if anyone is in EU; CCPA if anyone is in California) - What industry are you in? (Healthcare needs HIPAA; finance needs GLBA; education needs FERPA) - How much data do you process? (Some laws have volume thresholds) - What types of data? (Some laws focus on sensitive data only) - Do you process children's data? (Special protections apply)

Most U.S. organizations now need GDPR + CCPA + state law documentation simultaneously. That's reality in 2026.

Step 3: Develop or Update Your Privacy Policy

Based on your data inventory and applicable laws, create a privacy policy covering:

  • What data you collect and how
  • Why you collect it (lawful basis under GDPR)
  • Who you share it with
  • How long you keep it
  • What rights people have (access, deletion, objection, portability)
  • How people can exercise those rights
  • How you protect data and handle breaches
  • Your contact information and complaint procedures

Use your industry's standard template as a starting point, but customize it to your actual practices. Don't copy a competitor's policy—it won't match your operations and creates legal risk.

Step 4: Create Data Processing Agreements with All Vendors

Go through your vendor list. For each vendor that accesses personal data:

Identify the processing relationship. Are they a "processor" (processing data only as you instruct) or a "third party" (using data for their own purposes)? This determines what agreement you need.

Request or create DPAs. Most major vendors have DPA templates available. Request it if you don't have it. For smaller vendors, use a standard DPA template and customize key terms.

Track your agreements. Create a centralized registry with: - Vendor name and what they do - Type of data they access - DPA signed date and renewal date - Sub-processors they use - Key obligations and contact for breaches

Many organizations using tools like contract management platforms store DPAs alongside other vendor agreements for easy tracking.

Step 5: Document Your Lawful Basis for Processing

Under GDPR and increasingly under state laws, you must document why you process each data type. Six lawful bases exist:

  1. Consent: Person explicitly agreed to processing
  2. Contract: Processing is necessary to fulfill an agreement
  3. Legal obligation: Law requires processing (taxes, compliance)
  4. Vital interests: Processing protects someone's health or safety
  5. Public task: Processing part of official government duty
  6. Legitimate interests: Your business interests outweigh privacy impact

Create a processing register mapping each data type to its lawful basis. For example: - Email addresses (service delivery) → Legitimate interest + contract - Payment information → Contract (needed to process payment) - Analytics cookies → Consent (require explicit opt-in) - Fraud prevention data → Legitimate interest

Document your reasoning for each basis, especially for "legitimate interest." Regulators scrutinize this justification.

Step 6: Implement Privacy by Design

Privacy by design means building privacy protections into systems from the start, not adding them later.

Document your approach: - Data minimization: Why do you collect each piece of data? Can you collect less? - Purpose limitation: Document what you'll use data for; don't vague - Access controls: Who needs access and why? Document restrictions - Encryption: What data is encrypted in transit and at rest? - Retention: Set automatic deletion schedules; document them - Security audits: Document regular assessments and improvements

For organizations using platforms, document that your vendors follow these principles. Ask them for evidence.

Step 7: Create a Privacy Documentation Maintenance Schedule

Documentation expires. Laws change. Data practices evolve.

Set review schedules: - Quarterly: Check for regulation updates that affect documentation - Semi-annually: Review vendor DPAs and sub-processor lists - Annually: Full privacy documentation audit; update as needed - After any change: Immediately update documentation when you add vendors, change data practices, or add new processing purposes

Assign responsibility. Documentation needs an owner—usually your privacy lead or general counsel. Track changes with version control.

Privacy Documentation for Emerging Technologies (2026 Focus)

AI and Machine Learning Documentation

If you use AI anywhere—content recommendations, pricing algorithms, fraud detection, automated moderation—you need new documentation standards.

AI-specific documentation should include: - What data trains the model and where it comes from - How the model makes decisions - Testing for bias and fairness - Explanation procedures (why did the system make this decision for this person?) - Human review procedures (when does a human override the AI?) - Rights to opt out of automated decision-making

For influencer platforms, this matters if you use AI to match creators with brands, predict campaign performance, or moderate content. Document the training data, testing procedures, and safeguards.

IoT and Sensor Data Documentation

Connected devices collect data. Document: - What sensors collect and transmit - Who can access that data - Firmware update procedures and security implications - Data retention and deletion procedures - Third-party integrations and their data access

Blockchain and Distributed Systems

Blockchain creates special challenges. Document: - How you reconcile immutability (blockchain doesn't delete) with deletion rights (privacy laws require it) - Who controls private keys and data access - Smart contract functionality and privacy implications - How decentralized systems allocate privacy responsibility

Best Practices for Maintaining Privacy Documentation

Create a Documentation Maintenance Schedule

Set it and automate it.

Quarterly reviews: Check for regulatory updates. The FTC, state attorneys general, and international regulators publish guidance constantly. Subscribe to updates and flag changes affecting your documentation.

Semi-annual sub-processor audits: Vendors change their sub-processors. Your DPAs require you to approve sub-processors and notify customers of changes. Document this process.

Annual full audit: Once yearly, do a comprehensive privacy documentation review. Assign someone to go through every policy, agreement, and process. Update anything outdated. Assess whether your practices match your documentation.

After major changes: When you add vendors, launch new features, change data practices, or enter new markets, update documentation immediately. Don't wait for the annual review.

Implement Version Control

Know who changed what, when, and why.

Track versions: Use version numbers (v1.0, v2.0, etc.) or dates. Maintain a changelog showing what changed.

Document approval: Who approved the change? When? Get signatures or email confirmations.

Maintain history: Keep previous versions accessible. You may need them for audits or incident investigations.

Access control: Limit who can change documentation. Privacy policies and DPAs shouldn't be edited by random people.

Create a Privacy Documentation Audit Framework

Use checklists to ensure nothing falls through cracks.

GDPR checklist: - [ ] Privacy policy covers all required elements - [ ] Records of Processing Activities documented - [ ] DPAs in place for all processors - [ ] Data Protection Impact Assessments completed for high-risk processing - [ ] Lawful basis documented for each processing activity - [ ] Data subject rights procedures documented - [ ] Breach notification procedures established - [ ] International transfer documentation completed (if applicable)

CCPA/CPRA checklist: - [ ] Consumer rights response procedures documented - [ ] Data inventory and mapping completed - [ ] Vendor classification (processor vs. third party) documented - [ ] Opt-out mechanisms implemented and documented - [ ] Financial incentive program terms documented (CPRA) - [ ] Response timeline procedures (45 days standard)

Use similar checklists for other applicable regulations. This becomes your audit readiness foundation.

Common Privacy Documentation Mistakes to Avoid

Mistake 1: Copy-Pasting Competitor Privacy Policies

Your competitor's policy doesn't match your operations. Using it creates gaps and misrepresents your practices—exactly what regulators investigate.

Instead: Use templates as starting points. Customize to your actual practices. Be honest about what you do.

Mistake 2: Creating Documentation But Never Updating It

Outdated documentation is nearly as bad as no documentation. Regulations change. Your practices evolve. Your documentation must keep pace.

Instead: Schedule regular reviews. Assign responsibility. Use version control.

Mistake 3: Failing to Document Lawful Basis

"We need the data" isn't a lawful basis. GDPR requires documented justification.

Instead: For each data type, explicitly state which of the six lawful bases applies. Document your reasoning, especially for "legitimate interest."

Mistake 4: Ignoring Data Processing Agreements with Vendors

Many organizations treat vendor relationships as informal. Without written DPAs, you violate GDPR and create legal exposure.

Instead: Request DPAs from every vendor handling data. Store them centrally. Track renewals.

Mistake 5: Not Involving the Right People

Privacy documentation needs input from legal, technical, operations, and business teams.

Instead: Create a privacy documentation task force. Get buy-in across your organization.

Mistake 6: Treating Privacy as Compliance Theater

Documentation only works if your actual practices match what you document.

Instead: Use documentation as a tool to genuinely improve privacy practices. When writing a privacy policy reveals gaps, fix them.

How InfluenceFlow Helps with Data Privacy Documentation Requirements

As an influencer marketing platform, InfluenceFlow handles sensitive data—creator information, campaign details, payment information, performance metrics. Privacy documentation isn't optional; it's foundational.

Here's how InfluenceFlow supports privacy documentation:

Built-in contract templates: InfluenceFlow's influencer contract templates include privacy clauses covering data sharing, confidentiality, and usage rights. When you use these templates, you're incorporating privacy documentation directly into your campaign agreements.

Digital contract signing: Contracts with privacy terms need signatures. InfluenceFlow's digital signing means you have documented evidence that parties agreed to privacy terms. This is documentation in action.

Creator data protection: The platform handles creator data responsibly. Creators can trust that their information is protected, and brands know the platform takes privacy seriously. This trust relationship depends on solid documentation.

Campaign transparency: When you run campaigns through campaign management tools, you can demonstrate to regulators that you documented campaign data flows, creator rights, and brand obligations.

Rate card and payment documentation: rate card generator and payment processing create records you need. These become documentation evidence of proper payment tracking and creator compensation.

No unexpected data sharing: InfluenceFlow's 100% free model means you're never a product. Your data isn't sold to advertisers or used for secondary purposes. This simplifies your privacy documentation because your data handling is straightforward.

The broader point: Free tools with transparent data practices make privacy documentation easier. When you're not trying to monetize data, your privacy obligations simplify dramatically.

Privacy Documentation Tools and Automation

Tool Best For Strengths Limitations Pricing
OneTrust Enterprise compliance Comprehensive, integrates with security tools, AI documentation Expensive, steep learning curve Custom pricing
TrustArc GDPR + CCPA focus Expert guidance, audit support, templates Less flexible customization $2,000-10,000+/year
Drata Privacy Documentation + audit Lightweight, user-friendly, affordable Limited advanced features $500-2,000/year
GDPR.report GDPR compliance Simple, template-based, free tier available Limited to GDPR Freemium model
Securely.ai Data mapping + inventory Automated discovery, integrations Lower visibility in market Custom pricing

For SMBs and startups: Start with free templates or low-cost tools like Drata Privacy. You don't need enterprise software initially.

For creators and platforms: Tools that integrate with contract management (like InfluenceFlow) reduce duplicate documentation efforts.

Free and Low-Cost Privacy Documentation Resources

Government resources: - GDPR.eu has free templates and guides - FTC provides privacy guidance and checklists - State attorneys general publish compliance resources

Open-source tools: - CNIL's DPIA software (free GDPR assessment tool) - Data protection authority templates (most EU countries publish free templates)

Template libraries: - Privacy Policy Templates (legaltemplates.com, docusign.com) - Standard DPA templates from major platforms (Stripe, Shopify, Google)

Privacy Documentation for Small Businesses and Startups

You don't need to do everything at once.

Minimum Viable Privacy Documentation (Phase 1: Launch)

When you're starting, focus on essentials:

  1. Privacy policy: Required by law in most jurisdictions. Use a template, customize it. Done.
  2. DPAs with critical vendors: If you use payment processors, email services, or analytics, get DPAs in place.
  3. Basic records: Document what data you collect, why, and who has access. Simple spreadsheet works initially.

This takes days, not months.

Growth Phase Documentation (Phase 2: Scaling)

As you gain customers and complexity:

  1. Privacy Impact Assessment: If you add new data processing, do a simple assessment.
  2. Vendor registry: Maintain a spreadsheet of all vendors handling data.
  3. Data subject rights procedures: Document how you'll handle requests for access, deletion, portability.
  4. Security documentation: List what security measures you've implemented.

Assign one person 10% of their time to documentation.

Mature Phase Documentation (Phase 3: Enterprise)

Full privacy documentation program:

  1. Comprehensive policies and procedures: Documented processes for every data activity
  2. Privacy by design: Documentation embedded in product development
  3. Regular audits: Quarterly/annual documentation reviews
  4. Privacy team: Dedicated privacy role or hired consultant

Frequently Asked Questions

What is the difference between a DPA and a privacy policy?

Privacy policies explain to customers what data you collect and how you use it. They're public-facing. DPAs are legal agreements with vendors specifying exactly what they can do with data you give them. They're vendor-specific. You need both. A privacy policy tells customers "we use Google Analytics"; a DPA with Google specifies Google's obligations around that analytics data.

How often should we update our privacy documentation?

Minimum annually. Review thoroughly at least once per year. Additionally, update immediately when you change data practices, add vendors, enter new markets, or new regulations affect you. Many organizations review quarterly for regulatory changes and semi-annually for vendor sub-processor updates.

Do small businesses really need privacy impact assessments?

Only for high-risk processing. If you just collect names and emails and use basic vendors, PIAs aren't mandatory. But if you use AI, automated decision-making, process sensitive data, or process children's information, PIAs become essential—and increasingly required by law.

What documentation do we need if we operate internationally?

It depends on where customers are located. If you serve EU residents, GDPR documentation is mandatory regardless of where your company is based. If you serve California residents, CCPA documentation applies. For global operations, most organizations maintain GDPR + CCPA documentation as the minimum standard, then add regional requirements (UK, Canada, Australia, Singapore, etc.) as needed.

How do we prove we've deleted customer data after they request deletion?

Documentation is key. Keep records showing: (1) when you received the deletion request, (2) what data you deleted, (3) when deletion was completed, (4) confirmation from vendors they deleted data too. This deletion log is critical documentation.

What should we do if we discover we've been documenting practices incorrectly?

Update immediately and assess impact. First, correct the documentation. Then, check whether your actual practices match the corrected documentation. If they don't, align practices to match documentation or vice versa. Document this assessment. Regulators respect organizations that catch and fix their own errors more than those that try to hide them.

Are privacy policies and terms of service the same?

No. Terms of service govern your business relationship (how you provide service, liability limits, payment terms). Privacy policies govern data handling. You need both. They can cross-reference but shouldn't duplicate each other.

How do we handle privacy documentation for contractors and freelancers?

Treat them like processors if they access data. If a contractor accesses customer data, you need a written agreement covering data protection, confidentiality, and limitations on usage. This can be simpler than a DPA but must cover the basics.

What documentation is needed for cookies and tracking?

Privacy policy plus cookie notice plus consent records. Your privacy policy explains all tracking. Your cookie notice lists specific cookies and their purposes. You must get documented consent before setting non-essential cookies (tracking, marketing cookies). Store records showing who consented, when, and to what.

How do we document compliance with multiple privacy laws simultaneously?

Create unified documentation where possible, supplement with regulation-specific sections. For example, your core privacy policy covers general practices. Then add GDPR-specific sections, CCPA-specific sections, etc. This avoids duplication while addressing each law's unique requirements. Many organizations use "GDPR addendum," "CCPA supplement," etc.

What happens if we can't find privacy documentation from a vendor?

Request it formally. Send a written request asking for their data processing agreement or confirming they'll sign your standard DPA. Give them 30 days to respond. If they refuse, you have a vendor risk problem. Can you work with a different vendor? Do you really need their services? You can't force compliance, but you can decide whether the vendor relationship is worth the risk.

Should we hire a privacy consultant or handle documentation in-house?

It depends on complexity. For straightforward businesses with simple data practices, in-house documentation (using templates) works fine. For regulated industries, complex processing, AI/ML, or international operations, a privacy consultant pays for itself quickly by preventing expensive mistakes. Most organizations do a hybrid: consultant guides initial framework; in-house team maintains it.

How do we communicate privacy documentation to employees?

Make it accessible and required reading. Store documentation centrally (not buried on a shared drive). Summarize it in plain language. Train teams on their roles and responsibilities. Creators using platforms should understand what data is collected; developers should understand data protection requirements; customer service should know how to handle data subject requests.

Conclusion: Building Your Privacy Documentation Program

Data privacy documentation requirements aren't going away. They're becoming more detailed, more enforced, and more integral to business operations. In 2026, organizations without solid documentation face regulatory fines, customer trust loss, and partnership obstacles.

Here's what you've learned:

  • What documentation you need: Privacy policies, DPAs, impact assessments, processing records, consent documentation, and increasingly, AI-specific assessments
  • Why it matters: Beyond legal compliance, documentation builds trust, improves operations, and reduces liability
  • How to implement it: Start with data mapping, identify applicable regulations, develop policies, secure vendor agreements, and create maintenance schedules
  • How to maintain it: Regular reviews, version control, audit frameworks, and clear ownership
  • Tools that help: Free templates through enterprise software; no single right answer

Your next step: If you haven't started, pick one task—either create a data inventory or update your privacy policy. Small progress beats perfect paralysis.

For creators and brands: If you're using influencer marketing platforms, ensure your platform has privacy documentation and transparent data practices in place. Your data deserves protection.

Get started with InfluenceFlow. Our platform includes contract templates with privacy clauses built-in, digital signing for documented agreements, and zero data monetization (your data stays yours). Sign up today—no credit card required, completely free forever. Build your influencer marketing presence with a platform that respects privacy from day one.

More Resources