Data Processing Agreement
DPA overview for customer content, subprocessors, security measures, retention, deletion, and international transfer terms.
Processor role
For customer-controlled workspace content, TrustRFP AI acts as a processor or service provider and processes personal data according to the customer agreement, DPA, product configuration, and documented instructions.
- Customer content may include questionnaire data, security evidence, contracts, policies, answer drafts, citations, and audit records.
- TrustRFP AI uses subprocessors only for purposes needed to provide, secure, support, and bill the service.
- Subprocessor categories are published on the subprocessors page.
Security measures
The service is designed with workspace isolation, RBAC, MFA support, audit logs, encryption in transit, private object storage, security scanning, and production readiness checks.
Assistance and deletion
TrustRFP AI supports reasonable assistance for data subject requests, deletion/export requests, security review, incident response, and customer audit questionnaires according to the applicable agreement.
International transfers
Data location, subprocessors, transfer terms, and dedicated deployment requirements may be addressed through enterprise agreements or marketplace private offer terms.