// dpa
Data Processing Agreement.
This Data Processing Agreement supplements the Terms of Service and governs our processing of personal data on your behalf. Request a counter-signed copy at contact@xerotier.ai.
This Data Processing Agreement supplements the Terms of Service and governs our processing of personal data on your behalf. Request a counter-signed copy at contact@xerotier.ai.
// 01
This published version is provided for transparency and review; the operative agreement is the counter-signed copy.
You are the controller (or, for your end users, a processor) and Xerotier.ai is the processor (or sub-processor). We process personal data only on your documented instructions, including as set out in the Terms and this DPA, unless required otherwise by law.
// 02
Subject matter: providing the service. Duration: the term of your agreement. Nature and purpose: inference routing, hosting, and the product features you use. The categories of data subjects and personal data are determined by you through your use of the service.
// 03
You authorize the sub-processors listed at /subprocessors. We impose data-protection obligations on each that are no less protective than this DPA, give notice before a material change, and let you object.
// 04
Personnel authorized to process personal data are bound by appropriate confidentiality obligations.
// 05
We maintain technical and organizational measures appropriate to the risk, including TLS in transit, AES-256-GCM at rest, role-based least-privilege access, and audit logging. Details are on /compliance.
// 06
Taking into account the nature of the processing, we assist you with appropriate measures to respond to data-subject requests for access, correction, erasure, portability, restriction, and objection.
// 07
We notify you without undue delay after becoming aware of a personal-data breach affecting your data, with the information then available to help you meet your own notification duties.
// 08
We make available the information reasonably necessary to demonstrate compliance with this DPA, including third-party attestations, and allow for audits on reasonable notice and subject to confidentiality.
// 09
Where personal data is transferred out of the EEA, the UK, or Switzerland, we rely on the Standard Contractual Clauses, which are incorporated by reference; a copy is available on request to contact@xerotier.ai.
// 10
On termination, we delete or return personal data in accordance with the retention schedule in the Privacy Policy and your settings, unless retention is required by law.
// 11
This DPA forms part of the Terms of Service. If there is a conflict on the protection of personal data, this DPA controls. Request a counter-signed copy at contact@xerotier.ai.