Data Processing Addendum
This Data Processing Addendum (DPA) supplements our service agreement when AskVerdict processes personal data on behalf of a customer.
Quick Summary
Applies to: Customers acting as controllers and AskVerdict acting as processor for service delivery.
- Defines controller-processor roles, instructions, and data processing scope.
- Covers security measures, subprocessors, and cross-border transfer safeguards.
- Includes incident notification, rights assistance, and compliance support commitments.
1. Scope and Precedence
This DPA applies to Customer Personal Data processed through AskVerdict and supplements theTerms of Service. If this DPA conflicts with the Terms on data protection matters, this DPA governs for those matters.
2. Roles and Authority
- Customer acts as controller, or as processor with authority to appoint AskVerdict as subprocessor.
- AskVerdict acts as processor and processes personal data only as instructed by the customer and as required to provide the services.
- Customer is responsible for ensuring instructions are lawful and do not violate applicable data protection law.
3. Processing Instructions
Customer instructions may be provided through configuration settings, API requests, workspace controls, support requests, or written directions. AskVerdict will inform customer if an instruction appears to conflict with applicable law, unless prohibited from doing so.
4. Processing Details
- Subject matter: Provision, support, maintenance, and security of AskVerdict services.
- Duration: During the contract term and limited post-term periods required for security, legal, or compliance obligations.
- Nature: Collection, organization, storage, retrieval, transmission, analysis, and deletion needed for service delivery.
- Data categories: User identifiers, account metadata, usage logs, and customer-submitted content.
- Data subjects: Customer users and individuals whose data appears in customer content.
5. Confidentiality
AskVerdict ensures personnel with access to Customer Personal Data are subject to confidentiality obligations and access is limited to what is needed to perform authorized duties.
6. Security Measures
AskVerdict maintains technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, alteration, and disclosure. A high-level summary is available on ourSecurity Practices page.
- Access control and role-based authorization boundaries.
- Encryption controls for supported data in transit and at rest.
- Security monitoring, vulnerability management, and incident workflows.
- Operational resilience controls such as backup and recovery planning.
7. Subprocessors
Customer grants a general authorization for AskVerdict to use subprocessors necessary for service delivery. Current subprocessors are listed on theSubprocessors page. AskVerdict remains responsible for subprocessor obligations relevant to services they perform.
8. International Transfers
Where personal data is transferred internationally, AskVerdict applies recognized legal transfer safeguards, such as standard contractual clauses or equivalent lawful mechanisms under applicable law.
9. Data Subject Rights Assistance
Taking into account the nature of processing and available functionality, AskVerdict provides reasonable assistance for customer responses to valid requests for access, correction, deletion, restriction, objection, and portability.
10. Compliance Assistance
AskVerdict provides reasonable assistance for privacy impact assessments, security inquiries, and regulatory cooperation where customer cannot reasonably satisfy obligations without processor input.
11. Incident Notification
If AskVerdict confirms a personal data incident affecting Customer Personal Data, we notify the customer without undue delay and provide available information necessary to support legal notification duties.
12. Government Access Requests
If AskVerdict receives a legally binding request for access to Customer Personal Data, we will review the request for legal validity and scope. Unless prohibited by law, we will notify the customer before disclosure to allow protective action.
13. Audit and Evidence Requests
On reasonable request, AskVerdict provides information necessary to demonstrate compliance with this DPA, subject to confidentiality, security, and legal constraints.
14. Return and Deletion
Upon termination and subject to applicable law, AskVerdict will delete or return Customer Personal Data in accordance with product capabilities and contractual terms, except where retention is legally required.
15. Liability and Legal Terms
Liability, disclaimers, and limitation terms applicable to this DPA follow the governing service agreement unless otherwise required by law.
16. Contact
For DPA execution, privacy legal requests, or compliance documentation, contactsupport@askverdict.ai.