Data Processing Agreement
Last updated: May 27, 2026
1. Definitions
"Controller" means the natural or legal person, public authority, agency, or other body which determines the purposes and means of the processing of personal data. "Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.
2. Scope and Roles
This Data Processing Agreement ("DPA") applies to the processing of personal data by ULTRON Infrastructure Intelligence ("Processor") on behalf of the customer ("Controller") in connection with the use of ULTRON services.
3. Data Processing Details
Subject matter:
AI-powered infrastructure intelligence and security analysis services
Duration:
Duration of the service agreement
Nature and purpose:
Collection, analysis, and reporting of infrastructure metrics for security intelligence
Categories of data subjects:
Controller's employees, contractors, and authorized users
Categories of personal data:
Infrastructure metrics, system logs, security events, user account information
4. Processor Obligations
Processor agrees to:
- Process personal data only on documented instructions from Controller
- Ensure that persons authorized to process personal data have committed to confidentiality
- Implement appropriate technical and organizational security measures
- Not engage another processor without prior specific written authorization
- Assist Controller in responding to data subject requests
- Assist Controller in ensuring compliance with security obligations
- Delete or return personal data at the end of the service provision
- Make available information necessary to demonstrate compliance
5. Sub-processors
Controller hereby provides general written authorization for Processor to engage the following categories of sub-processors: cloud infrastructure providers, email delivery services, analytics services, and customer support tools. Processor shall maintain an up-to-date list of sub-processors and notify Controller of any intended changes.
6. Technical and Organizational Measures
Processor implements the following security measures:
- Encryption of personal data in transit and at rest
- Access controls and authentication mechanisms
- Regular security testing and vulnerability assessments
- Incident response procedures
- Employee security training
- Data backup and disaster recovery procedures
7. Data Subject Rights
Processor shall assist Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Controller's obligation to respond to requests from data subjects exercising their rights.
8. Data Breach Notification
Processor shall notify Controller without undue delay after becoming aware of a personal data breach. The notification shall include the nature of the breach, categories and approximate number of data subjects, likely consequences, and measures taken or proposed.
9. Data Transfer
Processor shall not transfer personal data to a third country or international organization unless appropriate safeguards are in place, including Standard Contractual Clauses where applicable.
10. Termination
Upon termination of services, Processor shall delete or return personal data to Controller at Controller's option. Deletion shall be verified and documented.
11. Contact
For questions about this DPA, contact our Data Protection Officer at dpo@ultron.io.
See also: Privacy Policy | Terms of Service | Security