DATA PROCESSING ADDENDUM

Data Processing Addendum

This DPA summary describes the intended data-processing boundary for ProofTether Control customer accounts. A signed customer-specific DPA can be issued during paid onboarding when required.

Roles

The customer controls source code, provider keys, datasets, local model weights, and project secrets. ProofTether Control acts as a hosted control plane for account, organization, project, access, context-pack metadata, evidence, and audit records.

Processing purpose

ProofTether Control processes personal data only to provide account access, organization and seat management, MCP access packs, context-pack metadata, evidence workflows, support, security, and billing status.

Data minimization

Customer source code is not intended to be uploaded or stored as a full repository by the hosted service. MCP and context-pack flows should send scoped metadata, hashes, snippets selected by the customer agent, and evidence references rather than full repository dumps.

Security measures

Tenant-scoped access, authenticated sessions, access packs, audit events, and data-boundary controls are used to limit cross-organization exposure.

Deletion and export

Account, organization, and project metadata deletion/export requests can be submitted through the ProofTether Support Desk form. Some records may be retained when required for legal, security, billing, or audit purposes.

Effective date: 2026-07-01. Public contact uses the ProofTether Support Desk form plus anti-spam electronic aliases to reduce mailbox scraping. Paddle live checkout is pending verification; do not submit unavailable checkout routes as active.