Data
Processing
Agreement
This Data Processing Agreement (“DPA”) forms part of the Master Subscription Agreement or other agreement for services between SupraWall and the Customer.
Jurisdiction
Standard Contractual Clauses (SCCs) are incorporated to ensure lawful data transfers from the EU/EEA.
Sub-processors
Full transparency on infrastructure sub-processors including AWS, GCP, and managed security partners.
Legal Grade
Drafted specifically for AI agent autonomy, addressing Article 9 (Special Categories) and sensitive tool telemetry.
Subject Matter & Duration
SupraWall processes personal data provided by the Customer in connection with the provision of AI security and guardrail services. The duration of the processing corresponds to the duration of the Provision of Services under the Agreement.
The nature and purpose of processing consists of securing autonomous tool-calls made by AI agents, scrubbing PII from telemetric payloads, and maintaining immutable audit trails for regulatory compliance.
Authorized Sub-processors
| Entity Name | Service Provided | Entity Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud Infrastructure / Hosting | EU (Ireland), USA |
| Google Cloud Platform (GCP) | Database & Identity Auth | EU (Germany), USA |
| Stripe, Inc. | Payment Processing & Billing | USA |
| Resend Labs, Inc. | Transactional Messaging | USA |
* Enterprise customers may request custom regional deployments to ensure data resides exclusively within the EU/EEA.
Security & Safeguards
Encryption at Rest
All customer data, including encrypted vault secrets, is stored using AES-256 bit encryption. Keys are derived from unique organizational master secrets.
Network Isolation
Agent evaluations happen within isolated VPCs with strict ingress/egress controls. No raw payloads are ever transmitted outside the secure evaluation perimeter.
PII Redaction
Our proprietary PII Shield identified and masks sensitive data (Names, SSNs, Credit Cards) before any log is written to persistent storage.
Business Continuity
Real-time failover to secondary regions and daily encrypted off-site backups ensure 99.99% availability for critical security infrastructure.
Audit & Monitoring
SupraWall shall provide all information necessary to demonstrate compliance with its obligations and shall allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.
Need a signed
counter-party DPA?
Our legal team can review and execute custom DPAs for Business and Enterprise customers within 48 hours.
Contact Legal Team