// DPA · DATA PROCESSING

Data Processing Agreement

How Vezran processes, protects, and handles customer data on behalf of our customers.

Overview

This Data Processing Agreement ("DPA") forms part of the agreement between VEZRAN, Inc. ("Processor") and the customer ("Controller") for the provision of Vezran's services. This DPA sets out the terms under which Vezran processes personal data on behalf of the customer.

1. Definitions

  • Personal Data means any information relating to an identified or identifiable natural person processed by Vezran on behalf of the customer.
  • Processing means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • Sub-processor means any third party engaged by Vezran to process personal data on behalf of the customer.

2. Scope of Processing

Vezran processes personal data solely for the purpose of providing its services as described in the applicable service agreement. Processing activities include:

  • Receiving and analyzing security telemetry and log data
  • AI-powered threat detection and incident response
  • Storing analysis results and audit trails
  • Generating reports and alerts

3. Data Security

Vezran implements appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Access controls with role-based permissions and audit logging
  • Regular security assessments and penetration testing
  • SOC 2 Type II compliance (in progress)
  • Incident response procedures with defined notification timelines

4. Sub-processors

Vezran may engage sub-processors to assist in providing services. Vezran maintains a list of current sub-processors and will notify the customer of any changes. Sub-processors are bound by data protection obligations no less protective than those in this DPA.

5. Data Subject Rights

Vezran will assist the customer in responding to data subject requests (access, rectification, erasure, portability, restriction, and objection) to the extent that Vezran processes the relevant personal data on the customer's behalf.

6. Data Retention & Deletion

Upon termination of the service agreement, Vezran will delete or return all personal data within 30 days, unless retention is required by applicable law. The customer may request deletion at any time during the term of the agreement.

7. International Transfers

Vezran is a US-based company. Where personal data is transferred outside the customer's jurisdiction, Vezran ensures appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required.

8. Breach Notification

In the event of a personal data breach, Vezran will notify the customer without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include the nature of the breach, categories of data affected, and measures taken to mitigate it.

9. Request a Signed DPA

Enterprise and government customers requiring a countersigned DPA with custom terms can request one by contacting our legal team.

Need a Custom DPA?

Contact our legal team to request a countersigned DPA or discuss specific data processing requirements.

Email Legal TeamSecurity Overview