This Data Processing Agreement ("DPA") forms part of the Terms of Service ("TOS") between ISCG Labs, Inc. ("Processor" or "ISCG") and the subscribing customer ("Controller" or "Customer"). This DPA governs the processing of personal data by ISCG on behalf of the Customer in connection with the Executive Protection Advance Survey platform ("Service").
This DPA applies to all personal data processed through the Service. ISCG acts as a Processor for Survey Data and Collaboration Data, processing such data on behalf of the Customer as Controller.
For Account Data, Technical Data, billing and payment records, and platform security data, ISCG acts as an independent Controller in accordance with its Privacy Policy. ISCG's Processor obligations under this DPA apply only to data for which ISCG acts as a Processor. Nothing in this DPA limits ISCG's right to process Account Data and Technical Data independently as a Controller.
Account Data: Email address, hashed password (processed by our authentication provider Supabase using bcrypt), authentication tokens, MFA enrollment data, subscription status, and payment history (via Stripe).
Survey Data: All information entered into advance survey forms, including venue names and addresses, route information, threat assessments, security observations, emergency room and safe haven designations, venue personnel contact information, photos and images, voice recordings, and operational planning data.
Collaboration Data: Shared survey access records, collaborator email addresses, and shared encryption keys. All collaborators are independently subject to this DPA.
Technical Data: IP addresses, browser type, device information, and session timestamps.
ISCG processes Personal Data solely to provide, maintain, and improve the Service, including to: authenticate user identity, store and synchronize encrypted survey data, enable collaboration features, and process payments through Stripe.
Processing shall continue for the duration of the Customer's active subscription. Upon cancellation, all encrypted survey data, encryption keys, and collaboration records are deleted from active storage at the end of the current billing period, with residual copies in encrypted database backups purged within thirty (30) days as part of the standard backup retention schedule, in accordance with the Terms of Service.
ISCG shall process Personal Data only in accordance with the Customer's documented instructions and the Terms of Service. ISCG shall not process Personal Data for any other purpose unless required to do so by applicable law, in which case ISCG shall notify the Customer of such legal requirement before processing unless prohibited from doing so by law.
All persons authorized to process Personal Data shall be subject to appropriate confidentiality obligations. Access to Personal Data is restricted to authorized personnel on a need-to-know basis.
ISCG implements the following security measures to protect Personal Data:
ISCG shall assist the Customer in responding to requests from data subjects to exercise their rights, including rights of access, correction, deletion, and data portability. The Service provides built-in tools for deleting individual surveys and exporting survey data as PDF.
ISCG shall notify the Customer of any Data Breach without undue delay, and in any event no later than 72 hours after becoming aware of the breach. Such notification shall include:
Upon reasonable request, ISCG shall provide information necessary to assist the Customer in conducting data protection impact assessments, to the extent such assessments relate to ISCG's processing activities.
The following Sub-Processors are authorized to process Personal Data in connection with the Service:
Each Sub-Processor is bound by data protection obligations no less protective than those set forth in this DPA. ISCG shall be liable for the acts and omissions of its Sub-Processors to the same extent as if ISCG were performing the processing directly, subject to the liability limitations set forth in the Terms of Service.
ISCG shall provide the Customer with 30 days' advance notice before engaging any new Sub-Processor or making material changes to existing Sub-Processor arrangements. The Customer shall have an opportunity to object to any such change. If ISCG cannot reasonably accommodate the Customer's objection, the Customer may terminate the subscription upon written notice.
All Personal Data processed through the Service is stored and processed within the United States. ISCG does not transfer Personal Data outside the United States.
If a future transfer of Personal Data outside the United States becomes necessary, ISCG shall notify the Customer and implement appropriate safeguards prior to any such transfer. International transfers will use recognized transfer mechanisms, including Standard Contractual Clauses, binding corporate rules, or other lawful mechanisms as applicable.
No international transfer of Personal Data shall occur without the Customer's prior written consent unless required by applicable law.
Upon reasonable request, ISCG shall make available to the Customer information necessary to demonstrate compliance with this DPA and shall allow and contribute to audits and inspections conducted by the Customer or a mandated auditor.
Audits shall be conducted with reasonable advance notice, during business hours, and no more than once per calendar year unless a Data Breach or regulatory investigation requires additional audits.
The Customer shall bear all costs associated with audits, including third-party auditor fees, unless the audit reveals a material breach of this DPA by ISCG, in which case ISCG shall bear the reasonable costs of the audit.
Upon termination or cancellation notice, the Customer has until the end of the current billing period to export data via the Service's PDF export feature or other available tools. ISCG shall maintain data in accessible form through the end of the billing period. For users who cancel during a free trial, the export window extends through the end of the trial period.
Upon expiration of the billing period, ISCG shall permanently delete all Personal Data, including encrypted survey data, encryption keys, collaboration records, and account information. Once deleted, this data cannot be recovered by anyone, including ISCG.
Upon written request made within 30 days following deletion, ISCG shall provide written confirmation that all Personal Data has been deleted in accordance with this Section 8.
The deletion obligations set forth in this Section apply to the live production database. Automated Supabase backups may retain copies of data in accordance with standard backup lifecycle and retention policies. ISCG does not have independent control over the timing of backup purges. ISCG will use commercially reasonable efforts to ensure that infrastructure providers purge deleted data within a timeframe consistent with industry standards.
This DPA is subject to the limitation of liability provisions set forth in the Terms of Service. This DPA does not create any independent liability beyond what is set forth in the Terms of Service.
ISCG shall indemnify, defend, and hold harmless the Customer against any third-party claims, regulatory fines, or penalties directly resulting from ISCG's material breach of this DPA or ISCG's negligent or unlawful processing of Personal Data, provided that the Customer: (a) notifies ISCG promptly in writing of any such claim, (b) provides reasonable cooperation in the defense of such claim, and (c) grants ISCG sole control of the defense and settlement of such claim. ISCG's total liability under this provision is subject to the liability cap set forth in the Terms of Service.
This DPA shall be governed by and construed in accordance with the same governing law provisions set forth in the Terms of Service. In the event of any conflict between this DPA and the Terms of Service, this DPA shall take precedence with respect to matters related to data processing.
This DPA shall remain in effect for the duration of the Customer's active subscription to the Service. The obligations set forth in this DPA regarding data deletion shall survive termination of the subscription. The provisions of this DPA addressing confidentiality, limitation of liability, and governing law shall survive indefinitely.
By subscribing to the Executive Protection Advance Survey, the Customer acknowledges and agrees to the terms of this Data Processing Agreement.