Data Processing Agreement

This DPA forms part of the Terms of Service between you (“Controller”) and Ambect Solutions LLC (“Processor”) and applies where Ambect Solutions LLC processes personal data on your behalf.

1. Definitions

Personal Data, Processing, Controller, Processor have the meanings given in the GDPR (Regulation (EU) 2016/679).

2. Processor obligations

• Process personal data only on documented Controller instructions
• Ensure authorized persons are bound by confidentiality
• Implement appropriate technical and organizational security measures (Article 32)
• Assist the Controller in responding to data subject requests
• Delete or return all personal data upon termination

3. Sub-processors

See ambect.com/subprocessors. 30 days notice before new sub-processors. You may object within 14 days.

4. Security incidents

Ambect Solutions LLC will notify the Controller of a personal data breach within 72 hours of becoming aware, per Article 33 GDPR.

5. Signed DPA

To request a countersigned DPA for enterprise compliance, contact legal@ambect.com.