Template version. The signed version is finalized jointly by InsClaw legal and your counsel.
1. Roles
- Controller: your company
- Processor: InsClaw
- Sub-processors: third parties (cloud providers, email vendors) engaged by InsClaw with your written consent
2. Scope
InsClaw processes data only on your written instructions and only to deliver the InsClaw service.
3. Security measures
- TLS 1.3+ in transit
- AES-256 at rest
- Role-based access control + quarterly audit
- Full audit logs retained ≥ 12 months
4. Portability & deletion
Within 30 days of termination, we export and then delete all data on your request.
5. Sub-processor list
The full sub-processor list is in Appendix A; updates announced 30 days in advance.
6. Liability
In the event of a breach:
- Notify you within 72 hours of confirmation
- Cover reasonable investigation and notification costs
- Liability cap follows the master agreement
7. Governing law
This DPA follows the same jurisdiction as the master agreement.