Legal
Data processing agreement
The processor contract that sits underneath your subscription.
Pre-launch placeholder
This document is an outline only. Do not rely on it. The
final, counsel-reviewed version replaces this file before public launch.
Contact [email protected] if you need a signed copy now.
1. Parties and roles
For personal data processed through EIAAW Workforce, your workspace is the controller and EIAAW SOLUTIONS (SSM Reg. No. 202603133419 / CT0164540-H) is the processor. This DPA governs the processor relationship.
2. Outline of the binding DPA
- Nature and purpose of processing (defined by the Terms of service)
- Categories of data subjects (employees, contractors, candidates)
- Categories of personal data (identity, contact, employment, payroll, device)
- Security measures: Postgres RLS, encryption at rest, HMAC audit log, MFA, single-session enforcement
- Subprocessor list and change-notification procedure
- Data-subject request handling and controller assistance obligations
- Breach notification (72-hour window, aligned with GDPR Art. 33)
- Audit rights and SOC 2 report handling
- Cross-border transfer mechanisms (SCCs + DPA addenda for EU data)
- Term, termination, and return / deletion of personal data
3. Signing the DPA today
Enterprise workspaces receive a counter-signed DPA as part of the onboarding pack. Starter / Growth / Scale tenants accept the published DPA by continuing to use the service; the final version is linked from the Terms of service. Request a wet-signed copy at [email protected].