Data Processing Agreement

For Enterprise Customers

Important Note

Investor Suite is designed to be fully self-hosted. Once deployed on your infrastructure, Software Chains has no access to your data, eliminating the need for traditional data processing agreements regarding your investment data.

1. Scope of Agreement

This Data Processing Agreement (DPA) covers only the limited data we process during:

  • Initial consultation and demo processes
  • Software deployment and setup
  • Ongoing technical support (if requested)

2. Data Categories

During the above processes, we may temporarily access:

  • Technical Data: System logs, configuration details
  • Contact Data: Email addresses, names, company information
  • Support Data: Troubleshooting information, error logs

We do NOT process: Investment data, portfolio information, client data, or any financial information.

3. Processing Principles

  • Lawfulness: Processing only with explicit consent or legitimate interest
  • Purpose Limitation: Data used only for stated technical purposes
  • Data Minimization: Collect only necessary information
  • Accuracy: Maintain accurate records
  • Storage Limitation: Retain data only as long as necessary
  • Security: Implement appropriate technical safeguards

4. Your Rights

Under applicable data protection laws, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase data (where legally permissible)
  • Restrict processing
  • Data portability
  • Object to processing

5. Security Measures

We implement industry-standard security measures including:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Incident response procedures

6. International Transfers

Any data transfers outside your jurisdiction will be protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

7. Sub-processors

We may engage limited sub-processors for:

  • Cloud infrastructure (AWS, Azure)
  • Communication tools (email, video conferencing)

All sub-processors are bound by equivalent data protection obligations.

8. Incident Response

In the unlikely event of a data breach affecting your information, we will:

  • Notify you within 72 hours
  • Provide detailed incident information
  • Assist with regulatory notifications if required
  • Implement remediation measures

9. Contact Information

For DPA-related inquiries or to exercise your rights:
Data Protection Officer: dhwaj@softwarechains.com
Subject Line: DPA Inquiry - [Your Request]

Enterprise DPA

Need a customized DPA for your organization? We can provide tailored agreements that meet your specific compliance requirements.

Contact: dhwaj@softwarechains.com