/ legal · data processing agreement
Data Processing Agreement
Draft — pending solicitor review
Scope
Forms part of the Terms of Service. Governs processing of personal data by Inferrex (Processor) on behalf of the customer (Controller).
Processing Details
Subject matter: Inferrex integration platform.
Duration: Duration of Terms of Service.
Nature: API schema inference, data synchronisation, field mapping, archival, AI processing.
Data types: As determined by Controller's connections.
Data subjects: As determined by Controller's connections.
Processor Obligations
Process only on documented instructions. Confidentiality obligations on authorised persons. Appropriate technical and organisational measures (AES-256, TLS 1.3, per-customer keys, RBAC, audit logging, workspace isolation). No sub-processor without prior written authorisation. Assist with data subject requests. Breach notification within 72 hours. Delete/return all data on termination with deletion certificates. Make compliance information available.
Sub-processors
Listed at inferrex.com/legal/subprocessors. 30-day notice before new sub-processors. 14-day objection window.
International Transfers
SCCs / UK ICO IDTA where applicable.
Data Residency
EU default (Azure West Europe). UK available. Sovereign = Controller-controlled.
AI Processing
Structural metadata only (never record content) unless explicitly configured. Four learning modes. Named AI sub-processor consent.
Audit Rights
Controller may audit with reasonable notice.

