Data Processing Addendum (Draft)
This draft DPA outlines controller/processor responsibilities for customer data processed by AegisGuard.
1. Roles
Customer acts as Controller; AegisGuard acts as Processor for data submitted to the service.
2. Processing Instructions
AegisGuard processes data only on documented customer instructions and for service delivery/security operations.
3. Technical and Organizational Measures
Measures include least-privilege access, audit logs, secure key and secrets handling, and abuse-prevention controls.
4. Subprocessors
Subprocessor usage is documented, reviewed, and governed by written data protection terms.
5. Incident Notification
Security incidents are handled via defined response playbooks with timely customer notification where required.