Notice: AI-generated output is a first draft for internal workflow only. Attorney review required before filing.

Trust Center

Data Processing Addendum (DPA)

Controller/processor terms, processing instructions, security measures, and subprocessors.

Effective: March 10, 2026 | Updated: March 10, 2026

Back to Trust CenterBack to Sign In

Roles

Customer acts as controller (or business) for personal data submitted to the service.

The Platform provider acts as processor (or service provider) and processes data only on documented customer instructions.

Processing Instructions

  • Processing is limited to providing contracted services.
  • Data use is restricted to operational support, maintenance, and security.
  • Any new processing purpose requires customer authorization.

Security Obligations

  • Implement access controls and least-privilege design.
  • Protect data in transit and at rest using reasonable industry controls.
  • Maintain logging and incident response procedures.

Subprocessors

Approved subprocessors are listed in the Subprocessor List.

Subprocessors are contractually required to provide appropriate data protection obligations.

Data Subject Requests and Deletion

The Platform provider will provide reasonable assistance for data subject requests to the extent required by law.

Return or deletion after termination follows customer instructions and retention policy.