OwnMoat

Data Processing Agreement

Last updated: TODO — set when drafted text is pasted in.

1. Roles

TODO: paste drafted roles section — Customer as controller, OwnMoat as processor, scope of processing.

2. Nature and purpose of processing

TODO: paste drafted processing description — categories of data, categories of data subjects, retention.

3. Sub-processors

TODO: paste drafted sub-processor list. Should match the Privacy Policy Section 6 sub-processor list exactly. State the change-notification process (X days notice) and Customer's right to object.

4. Security measures

TODO: paste drafted security measures — encryption in transit and at rest, access control, audit logging, incident response, business continuity.

5. International data transfers

TODO: paste drafted transfers section — SCC references, transfer impact assessment posture, any UK / EU-specific commitments.

6. Data subject request assistance

TODO: paste drafted DSR assistance clauses — how OwnMoat helps Customer respond to access, deletion, portability, and rectification requests.

7. Breach notification

TODO: paste drafted breach notification clauses — timeline (typically within 72 hours), content of the notification, coordination with Customer.

8. Audit rights

TODO: paste drafted audit rights section.

9. Term and termination

TODO: paste drafted term / termination language.

10. Return and deletion

TODO: paste drafted return-and-delete-on-termination clauses — timeline, format, certification.

11. Contact

DPA questions: hello@ownmoat.com.