Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Veriqo AI ("Processor") and the Customer ("Controller") and reflects the parties' agreement regarding the processing of Personal Data.
1. Definitions
In this DPA, "Personal Data", "Data Subject", "Processing", "Controller", and "Processor" shall have the meanings given to them in the General Data Protection Regulation (GDPR) (EU) 2016/679 and the UK GDPR.
2. Processing of Personal Data
Veriqo AI shall process Personal Data only on documented instructions from the Customer, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by applicable law.
3. Security Measures
Veriqo AI implements and maintains appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit (TLS 1.3) and at rest (AES-256).
- Strict access controls and zero-trust architecture.
- Ephemeral processing of strategic queries with zero data retention by default.
4. Sub-Processors
The Customer grants Veriqo AI general authorization to engage sub-processors. Veriqo AI currently utilizes enterprise-grade AI model providers (e.g., OpenAI, Anthropic) via API. Veriqo AI ensures that all sub-processors are bound by written agreements that require them to provide at least the same level of data protection as required by this DPA, including strict prohibitions on using Customer data for model training.
5. Data Subject Rights
Veriqo AI shall, to the extent legally permitted, promptly notify the Customer if it receives a request from a Data Subject to exercise their rights under applicable data protection law. Veriqo AI shall assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to such requests.
6. Data Breach Notification
Veriqo AI shall notify the Customer without undue delay after becoming aware of a Personal Data Breach. Veriqo AI shall make reasonable efforts to identify the cause of the breach and take necessary steps to mitigate the effects.
7. Deletion or Return of Data
Upon termination of the Services, Veriqo AI shall, at the choice of the Customer, delete or return all Personal Data to the Customer, and delete existing copies unless applicable law requires storage of the Personal Data. Due to our zero data retention architecture for queries, strategic analysis data is typically purged immediately upon generation.
8. Contact
For any questions relating to this DPA, please contact our privacy team at privacy@veriqoai.com.