Legal

Data Processing Agreement

Standard DPA terms for enterprise customers.

Last updated April 15, 2026

Template version. The signed version is finalized jointly by InsClaw legal and your counsel.

1. Roles

  • Controller: your company
  • Processor: InsClaw
  • Sub-processors: third parties (cloud providers, email vendors) engaged by InsClaw with your written consent

2. Scope

InsClaw processes data only on your written instructions and only to deliver the InsClaw service.

3. Security measures

  • TLS 1.3+ in transit
  • AES-256 at rest
  • Role-based access control + quarterly audit
  • Full audit logs retained ≥ 12 months

4. Portability & deletion

Within 30 days of termination, we export and then delete all data on your request.

5. Sub-processor list

The full sub-processor list is in Appendix A; updates announced 30 days in advance.

6. Liability

In the event of a breach:

  • Notify you within 72 hours of confirmation
  • Cover reasonable investigation and notification costs
  • Liability cap follows the master agreement

7. Governing law

This DPA follows the same jurisdiction as the master agreement.