This page summarises the data processing terms that apply when we process personal data on behalf of customers as a processor under GDPR Article 28. Enterprise customers may execute a separate DPA or order form; where none is signed, these terms supplement the Terms of Service for processing of customer personal data in the Service.
1. Roles
You (the customer organisation) are the controller of personal data you upload or instruct us to process in the Service. We are the processor, acting on your instructions documented by use of the product and these terms.
2. Instructions
We process personal data only to provide the Service, support, security, and compliance with law. We will not use customer personal data to train public foundation models without a separate agreement.
3. Subprocessors
We may engage subprocessors (for example cloud infrastructure) subject to written agreements that meet GDPR requirements. We remain responsible for their performance. Current categories include hosting, database, email delivery, and observability. You may request a list and object to changes where your agreement provides a right to object.
4. Security
We implement appropriate technical and organisational measures, including access controls, encryption in transit where applicable, and resilience practices appropriate to risk.
5. Breach notification
We will notify you without undue delay after becoming aware of a personal data breach affecting your data where required by law, and assist with your regulatory communications where applicable.
6. Deletion and return
On termination or upon request, we will delete or return personal data as described in the Terms and product capabilities, subject to legal retention needs.
7. Assistance
We will assist you with responding to data subject requests and assessments, taking into account the nature of processing and information available to us.
8. International transfers
Where personal data is transferred outside the EEA, we use appropriate safeguards such as the EU Standard Contractual Clauses.
9. Audit
We make available information necessary to demonstrate compliance and allow audits mandated by law or, for enterprise customers, as set out in an executed agreement.
10. Contact
Data processing questions: info@trustrespond.ai