Data Processing Agreement (DPA)
Version 2.1 — Updated January 19, 2026
This DPA is incorporated into the Terms of Service for all Enterprise and Business plan customers. It ensures that our processing of your personal data complies with the GDPR.
1. Definitions
"Controller" means the Customer (you).
"Processor" means AgentShield Inc. (us).
"Data Subject" means the individuals whose data is processed (e.g., your employees, your end-users).
2. Subject Matter & Duration
The subject matter of the processing is the provision of the AI Governance Platform. The duration of processing is equal to the term of your subscription plus the data retention period (30 days for logs by default).
3. Nature and Purpose of Processing
We process data to route, log, and analyze AI interactions to provide cost management, security auditing, and compliance reporting services.
4. Security Measures (TOMs)
We implement the following Technical and Organizational Measures (TOMs) to protect your data:
- Encryption: TLS 1.3 for data in transit; AES-256 for data at rest.
- Access Control: MFA required for all internal admin access. Principle of Least Privilege.
- PII Redaction: Optional automated redaction of sensitive entities before sending to LLM providers.
- Penetration Testing: Annual third-party security audits.
5. Subprocessors
You authorize us to engage the subprocessors listed in our Privacy Policy. We remain fully liable for the acts and omissions of our subprocessors. We will notify you 30 days in advance of any changes to the subprocessor list.
6. Audit Rights
Upon written request, we will make available to you all information necessary to demonstrate compliance with this DPA. For Enterprise customers, we allow for on-site audits subject to reasonable confidentiality and security covenants.
7. Data Breach Notification
In the event of a Personal Data Breach, we will notify you without undue delay (within 48 hours) after becoming aware of the breach.
Signatures
This DPA is legally binding upon your acceptance of our Terms of Service. No physical signature is required for standard plans.