Inferrex

/ legal · data processing agreement

Data Processing Agreement

Draft — pending solicitor review

This document is a working draft and not yet legally binding. It will be finalised after professional review.

Scope

Forms part of the Terms of Service. Governs processing of personal data by Inferrex (Processor) on behalf of the customer (Controller).

Processing Details

Subject matter: Inferrex integration platform.

Duration: Duration of Terms of Service.

Nature: API schema inference, data synchronisation, field mapping, archival, AI processing.

Data types: As determined by Controller's connections.

Data subjects: As determined by Controller's connections.

Processor Obligations

Process only on documented instructions. Confidentiality obligations on authorised persons. Appropriate technical and organisational measures (AES-256, TLS 1.3, per-customer keys, RBAC, audit logging, workspace isolation). No sub-processor without prior written authorisation. Assist with data subject requests. Breach notification within 72 hours. Delete/return all data on termination with deletion certificates. Make compliance information available.

Sub-processors

Listed at inferrex.com/legal/subprocessors. 30-day notice before new sub-processors. 14-day objection window.

International Transfers

SCCs / UK ICO IDTA where applicable.

Data Residency

EU default (Azure West Europe). UK available. Sovereign = Controller-controlled.

AI Processing

Structural metadata only (never record content) unless explicitly configured. Four learning modes. Named AI sub-processor consent.

Audit Rights

Controller may audit with reasonable notice.