This Data Processing Agreement ("DPA") forms part of the Terms of Service between ISCG Labs, Inc. ("Processor" or "ISCG") and the subscribing customer ("Controller" or "Customer") who uses the Executive Protection Advance Survey platform ("Service").
This DPA governs the processing of personal data by ISCG on behalf of the Customer in connection with the Service. It applies to all personal data processed through the Service, whether entered by the Customer directly or by collaborators authorized by the Customer.
With respect to Survey Data and Collaboration Data entered by the Customer into the Service, ISCG acts as a Processor on behalf of the Customer as Controller. With respect to Account Data, Technical Data, billing and payment records, and platform security data, ISCG acts as an independent Controller and processes such data in accordance with its Data Privacy and Security Policy. The obligations of ISCG as Processor in this DPA apply only to data for which ISCG acts as Processor. Nothing in this DPA limits ISCG's right to process Account Data and Technical Data for the independent purposes described in the Data Privacy and Security Policy.
"Personal Data" means any information that relates to, identifies, or could reasonably be used to identify an individual, directly or indirectly, including but not limited to names, contact information, device identifiers, location data, and inferences drawn therefrom.
"Processing" means any operation performed on Personal Data, including collection, storage, encryption, retrieval, transmission, deletion, or any other use.
"Sub-Processor" means any third-party service provider engaged by ISCG that processes Personal Data on behalf of the Customer in connection with the Service.
"Data Breach" means any unauthorized access to, acquisition of, or disclosure of Personal Data that compromises the security, confidentiality, or integrity of such data.
The Service processes the following categories of data on behalf of the Customer:
Account Data: Email address, encrypted password, authentication tokens, MFA enrollment data, subscription status, and payment history (processed via Stripe).
Survey Data: All information entered into advance survey forms, including but not limited to venue names and addresses, route information, threat assessments, security observations, emergency room and safe haven designations, contact information for venue personnel, photos and images uploaded to surveys, voice recordings attached to survey sections, and any other operational planning data entered by the user.
Collaboration Data: Shared survey access records, collaborator email addresses, and shared encryption keys. All collaborators are independent subscribers to the Service and are individually subject to this Data Processing Agreement by virtue of their own subscription.
Technical Data: IP addresses, browser type, device information, and session timestamps generated through normal use of the Service.
ISCG processes Personal Data solely to provide, maintain, and improve the Service as described in the Terms of Service. Specifically: to authenticate user identity, to store and synchronize encrypted survey data across sessions and devices, to enable collaboration features when the Customer chooses to share a survey, and to process subscription payments through Stripe.
ISCG processes Personal Data for the duration of the Customer's active subscription. Upon cancellation, all encrypted survey data, encryption keys, and collaboration records are permanently deleted at the end of the current billing period, as described in the Terms of Service.
ISCG shall process Personal Data only in accordance with the Customer's documented instructions as set forth in this DPA and the Terms of Service. ISCG shall not process Personal Data for any purpose other than providing the Service unless required to do so by applicable law, in which case ISCG shall notify the Customer of such legal requirement before processing (unless prohibited from doing so by law).
ISCG shall ensure that all persons authorized to process Personal Data have committed to confidentiality obligations or are under an appropriate statutory obligation of confidentiality. Access to production systems and databases is restricted to authorized personnel on a need-to-know basis.
ISCG implements and maintains the following technical and organizational security measures to protect Personal Data:
Encryption: All survey data is encrypted using AES-256-GCM encryption in the user's browser before transmission to the server. Data in transit is protected by TLS 1.2 or higher. Encryption keys are stored in the database and protected by row-level security policies.
Authentication: User accounts are protected by password-based authentication with mandatory multi-factor authentication (MFA) using time-based one-time passwords (TOTP) via authenticator applications.
Access Controls: Row-level security (RLS) policies at the database level ensure that each user can only access their own data and data explicitly shared with them. Database access is restricted by role-based permissions.
Infrastructure: The Service is hosted on Supabase, which operates on Amazon Web Services (AWS) infrastructure located in the United States. Supabase provides database encryption at rest, automated backups, and network-level security controls.
ISCG shall assist the Customer in responding to requests from individuals exercising their rights under applicable data protection law, including rights of access, correction, deletion, and portability. The Service provides built-in tools for Customers to delete individual surveys and export survey data as PDF reports.
In the event of a Data Breach affecting Personal Data processed under this DPA, ISCG shall notify the Customer without undue delay, and in no event later than 72 hours after becoming aware of the breach. The notification shall include: a description of the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences of the breach, and the measures taken or proposed to address the breach and mitigate its effects.
Upon the Customer's reasonable request, ISCG shall provide information reasonably necessary to assist the Customer in conducting data protection impact assessments required under applicable data protection law, to the extent such assessments relate to the processing activities performed by ISCG under this DPA.
The Customer authorizes ISCG to engage the following Sub-Processors in connection with the Service:
Supabase, Inc. — Database hosting, authentication services, real-time data synchronization, and row-level security enforcement. Data is stored on AWS infrastructure in the United States.
Stripe, Inc. — Payment processing, subscription management, invoicing, and billing. Stripe processes payment method information (credit card details) directly; ISCG does not store or have access to full payment card numbers.
Google LLC (Google Maps Platform) — Mapping, geocoding, route calculation, and Street View imagery used within the survey interface. Location queries are transmitted to Google's servers to render map and route data.
Netlify, Inc. — Static site hosting and content delivery for the application front-end. Netlify serves the application interface and static assets. Netlify does not process, store, or have access to customer Personal Data or encrypted survey content.
ISCG shall ensure that each Sub-Processor is bound by data protection obligations no less protective than those set out in this DPA. ISCG shall be liable to the Customer for the acts and omissions of its Sub-Processors to the same extent ISCG would be liable if performing the processing directly, subject to the limitations of liability set forth in the Terms of Service.
ISCG shall notify the Customer at least 30 days in advance of any intended addition or replacement of a Sub-Processor, providing the Customer an opportunity to object. If the Customer objects on reasonable data protection grounds and ISCG cannot accommodate the objection, the Customer may terminate the Service by providing written notice.
All Personal Data processed under this DPA is stored and processed within the United States. ISCG does not transfer Personal Data outside the United States. If ISCG determines that a transfer outside the United States is necessary in the future, ISCG shall notify the Customer in advance and implement appropriate safeguards in compliance with applicable law.
If international data transfers become necessary in connection with the Service, ISCG shall implement appropriate transfer mechanisms recognized under applicable law, which may include Standard Contractual Clauses, binding corporate rules, or other lawful transfer mechanisms. No international transfer shall be initiated without the prior written consent of the Customer unless required by applicable law.
Upon reasonable request and subject to appropriate confidentiality obligations, ISCG shall make available to the Customer information necessary to demonstrate compliance with the obligations set forth in this DPA. ISCG shall allow for and contribute to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer, provided that such audits are conducted with reasonable advance notice, during normal business hours, and no more than once per calendar year unless a Data Breach or regulatory investigation requires additional audits.
The Customer shall bear all costs associated with any audit, including the fees of any third-party auditor, unless the audit reveals a material breach of ISCG's obligations under this DPA, in which case ISCG shall bear the reasonable costs of the audit.
Upon notice of termination or cancellation by either party, the Customer shall have until the end of the current billing period to export any data the Customer wishes to retain, using the Service's built-in PDF export functionality or any other export tools made available by ISCG. ISCG shall maintain the Customer's data in accessible form through the end of the billing period to facilitate export.
Upon expiration of the billing period following termination or cancellation, ISCG shall permanently delete all Personal Data processed on behalf of the Customer, including all encrypted survey data, encryption keys, collaboration records, and account information. Once deleted, data cannot be recovered by anyone, including ISCG.
Upon written request by the Customer within thirty (30) days following deletion, ISCG shall provide written confirmation that all Personal Data has been deleted in accordance with this Section 8.
ISCG's deletion obligations under this Section apply to the live production database. Automated backups maintained by Supabase as part of its infrastructure may retain copies of deleted data in accordance with Supabase's standard backup lifecycle and retention policies. ISCG does not have independent control over the timing of backup purges. ISCG shall use commercially reasonable efforts to ensure that its infrastructure providers purge deleted data from backups within a timeframe consistent with industry standards.
9.1 The liability of each party under this DPA is subject to the limitations set forth in the Terms of Service. This DPA does not create any independent liability beyond what is established in the Terms of Service.
9.2 Processor Indemnification. ISCG shall indemnify, defend, and hold harmless the Customer from and against any third-party claims, regulatory fines, or penalties directly resulting from ISCG's material breach of its obligations under this DPA or ISCG's negligent or unlawful processing of Personal Data, provided that (a) the Customer notifies ISCG promptly of any such claim, (b) the Customer provides ISCG reasonable cooperation in the defense of such claim, and (c) ISCG has sole control of the defense and settlement. ISCG's total liability under this Section 9.2 is subject to the liability cap set forth in the Terms of Service.
This DPA shall be governed by the same laws that govern the Terms of Service. In the event of any conflict between this DPA and the Terms of Service, this DPA shall take precedence with respect to data processing matters.
This DPA shall remain in effect for the duration of the Customer's subscription to the Service. The obligations of ISCG with respect to data deletion shall survive termination of this DPA. Sections relating to confidentiality, limitation of liability, and governing law shall survive indefinitely.
By subscribing to the Executive Protection Advance Survey, the Customer acknowledges and agrees to the terms of this Data Processing Agreement.