Data Processing Addendum

This Data Processing Addendum ("DPA") forms part of the AttorneyArmor Terms of Service between AttorneyArmor, Inc. ("Processor") and the customer ("Controller") and governs the processing of personal data on the Controller's behalf.

1. Roles & scope

Controller determines the purposes and means of processing; Processor processes personal data only on documented instructions from Controller and as necessary to provide the platform.

2. Nature of processing

Processing consists of hosting, securing, analyzing, and reporting on assessment data and account information submitted by Controller, for the duration of the subscription.

3. Subprocessors

Controller authorizes Processor to engage subprocessors for hosting, authentication, payments, analytics, and customer support. A current list is available on request.

4. Security

Processor maintains the technical and organizational measures described on the Security page, including encryption in transit and at rest, access controls, and continuous monitoring.

5. International transfers

Where personal data is transferred outside the EEA or UK, Processor relies on the European Commission's Standard Contractual Clauses and equivalent UK transfer mechanisms, incorporated by reference.

6. Data subject requests

Processor will provide reasonable assistance to Controller in responding to data subject requests received through the platform.

7. Breach notification

Processor will notify Controller without undue delay after becoming aware of a personal data breach affecting Controller data.

8. Return & deletion

Upon termination, Processor will, at Controller's election, return or delete personal data within 90 days, subject to legal retention obligations.

9. Audits

Processor will make available information reasonably necessary to demonstrate compliance, including third-party audit summaries where available.

Signing

To countersign this DPA, email legal@attorneyarmor.com with your firm name and billing contact.