Every organisation uses cloud services. Email, CRM, HR tools, project management, file storage, messaging — the list grows every year. Each service holds data, some of it sensitive. People access these services from managed laptops, personal phones, shared workstations. Data flows between services through APIs, backups, exports, and integrations.

But if you ask most IT managers to draw a complete picture of this landscape — who accesses what, from which devices, where data flows, and what happens if something goes wrong — the answer is usually a mix of spreadsheets, tribal knowledge, and guesswork.

That's the problem Readmodel® is designed to address.

Readmodel® product walkthrough — 3 minutes
Read the transcript

In this video, I'm excited to show you some of the core capabilities of Readmodel®. I'll walk you through creating a project for a single user who works on a laptop and uses an AI service for content generation.

First, I log in to Readmodel®. I create a new project, name it "DEMO," and add a short description. Now let's open the dashboard — which requires the project to be opened first. And there it is! The dashboard page appears and guides me right through entering all the necessary data.

The first step is adding a data service. In this case, I'll pick "Claude" from the service templates that come available by default. You'll notice I keep returning to our anchor point: the dashboard.

Next up — let's add a user. Meet Alex! And now a device for Alex. Alex doesn't use a VPN, and the notebook doesn't take snapshots. Perfect — I can now assign Alex as the user of this notebook. The last missing piece is assigning access to the service. Alex uses Claude.

Now here's something great: compliance checking is one of Readmodel®'s standout features. This video doesn't dive into those functions, but I do want to show you the risk register — and look, it's already flagging several warnings for Claude. Let's add some more detail about how we use it.

I use two-factor authentication to log in to Claude — but there's so much more I can add. The role of processor should be selected. Claude is only available over HTTPS, so we've got encryption in transit covered. AI-specific data can be entered too. Let's put it to work for some basic content generation.

Readmodel® also has powerful capabilities for backup strategies. I won't dive into the details in this video, but I'll indicate here that Claude provides some form of backup. And to support improving digital resilience, I can add details about potential vendor lock-in and an exit strategy.

Back at the risk register, I can see a warning that access hasn't been reviewed yet. No problem — Readmodel® provides access reviews. I create a campaign and acknowledge that Alex should have access to Claude. When closing the review, a warning appears letting me know that access will be revoked for any users who weren't acknowledged — in my case, zero users. And look at that — the risk register now shows just one item with low risk.

I can also open the resilience report and the AI report. The dedicated ROPA register page shows that I don't yet have a data processing agreement in place — but no worries, I can upload it later.

Now for one of my favorite parts: the report page generates a printable PDF with a complete summary of the project. Personally, I'm most excited about the AI-generated section. I press the button, wait a few minutes, and it delivers some genuinely helpful advice — for instance, on the option to opt out of model training with Claude.

And that's a quick overview of some of the core capabilities of Readmodel®. Ready to try it yourself? You can open a free "Explore" account and start your first project today — just head over to our website at readmodel.com.

What Readmodel® does

Readmodel® is a web-based tool that helps you map your organisation's data landscape and understand your risk exposure. You document your services, the people who access them, the devices they use, the data items each service processes, and the transfers between services. The application then computes risk scores, checks backup compliance, assesses device security, and generates reports.

The core idea is simple: you can't protect what you can't see. Readmodel® gives you visibility.

Mapping

At its heart, Readmodel® maps four layers:

  • Services — the tools and platforms your organisation uses (200+ pre-configured templates available)
  • Users — the roles and people who access those services
  • Devices — the laptops, phones, and workstations used for access, with security posture assessment
  • Data items — the categories of data each service processes, with sensitivity classification

These layers are connected: users access services from devices, services process data items, and data transfers flow between services.

Risk insight

Once your data is mapped, Readmodel® computes a risk score for every service. The score considers data sensitivity, authentication controls, legal basis documentation, retention policies, backup coverage, and outgoing data transfers. Services are ranked in a risk register with specific action items — not vague advice, but concrete gaps like "2 items missing legal basis" or "no disk encryption on device accessing this service."

Backup and device security

Beyond data mapping, Readmodel® helps you assess whether your backup strategy actually meets recognised standards like 3-2-1 or 3-2-1-1-0. You define your backup policy, document backup transfers with media type, offsite, and immutability flags, and the system checks compliance automatically.

Similarly, the device security assessment documents groups of devices (not individual serial numbers — Readmodel® is not an MDM) and flags risks: BYOD devices accessing sensitive data without management, devices without disk encryption, missing remote wipe capability.

Vendor lock-in

Each service can be assessed for vendor lock-in risk. How easy is it to leave? Can you export your data in standard formats? What's the migration path? The template library comes pre-populated with lock-in assessments for 50+ common services, so you get a starting point without having to research each vendor yourself.

AI-powered analysis

For paid plans, an AI model analyses your complete data landscape and writes a professional report covering data flows, sensitivity assessment, device security cross-references, backup compliance, and specific recommendations. This report is generated from your actual data — not a generic template.

Compliance documentation

Because you've mapped everything, GDPR compliance documentation comes as a natural byproduct. Readmodel® generates a Record of Processing Activities (ROPA), tracks legal bases and retention periods per data item, documents Data Protection Impact Assessments (DPIAs), and exports everything in print-ready or machine-readable formats.

This is intentional: the primary goal is risk visibility, and compliance documentation follows from doing the mapping work well.

What Readmodel® is not

We want to be clear about what the tool does not do:

  • It is not a security enforcement tool. Readmodel® documents and assesses — it does not configure firewalls, manage devices, or block access.
  • It is not an MDM. Device security is assessed at the group/policy level, not per individual device.
  • It is not legal advice. While it supports GDPR documentation, it does not guarantee compliance. Consult a qualified professional for legal matters.
  • It does not replace formal risk assessments. The risk scores are indicative — designed to highlight areas that may need attention, not to serve as a certified risk assessment.

Early stage, active development

Readmodel® is under active development. We're adding features, refining the user experience, and expanding the template library regularly. Some things may change. We welcome feedback from early users — it directly shapes what we build next.

The application is currently available for EU businesses. If you're outside the EU and interested, you can join our waiting list on the registration page.

Getting started

You can create a free account and start mapping your data landscape immediately. The free plan includes one project with up to five services — enough to explore the tool and see if it fits your needs. No credit card required, no time limit.

If you have questions or feedback, get in touch. We'd like to hear from you.