Data Processing Agreement

Our DPA governs how TrustScope processes personal data on behalf of customers, ensuring compliance with GDPR and other data protection regulations.

Request DPA
Contact us to receive our standard DPA

Key DPA Provisions

Processing Scope

TrustScope processes personal data only as necessary to provide our AI governance services. This includes AI agent traces, prompts, responses, and associated metadata that may contain personal data.

Sub-processors

We maintain a list of sub-processors and notify customers of any additions. Current sub-processors include our cloud infrastructure providers (Render, Neon, Vercel) and payment processor (Stripe).

Data Subject Rights

TrustScope assists customers in responding to data subject requests (access, rectification, deletion, portability) through our API and dashboard controls.

Security Measures

Our DPA includes Annex II describing technical and organizational security measures, including encryption, access controls, and incident response procedures.

International Transfers

For transfers outside the EEA, our DPA incorporates the EU Standard Contractual Clauses (Module 2: Controller to Processor) as approved by the European Commission.

Data Retention

Data is retained according to your subscription tier (30 days to 7 years) and deleted upon termination in accordance with our retention policy.

GDPR Compliance

TrustScope is committed to GDPR compliance. As a data processor, we:

  • Process data only on documented customer instructions
  • Ensure personnel are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist with data subject requests and impact assessments
  • Notify customers of data breaches without undue delay
  • Delete or return data upon termination of services
  • Make available information necessary for compliance audits

Need a DPA?

Contact us to receive our standard Data Processing Agreement or discuss custom requirements for your organization.