Data Processing Agreement

Last updated: January 15, 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Agreement between Metalogue, Inc. ("Processor") and the Customer ("Controller") and governs the processing of personal data by Metalogue on behalf of the Customer.

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Processing" means any operation performed on Personal Data
  • "Sub-processor" means any third party engaged by Metalogue to process Personal Data

3. Data Processing Scope

Metalogue processes Personal Data only as necessary to provide the Universal Context Layer services, including:

  • Synchronizing data from connected sources
  • Creating ephemeral semantic indices for queries
  • Enforcing access control policies
  • Maintaining audit logs

4. Security Measures

Metalogue maintains comprehensive technical and organizational security measures including:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • SOC 2 Type II certified infrastructure
  • Role-based access controls
  • Regular security audits and penetration testing
  • Incident response procedures

5. Sub-processors

Controller authorizes Metalogue to engage sub-processors for the provision of services. A current list of sub-processors is available upon request. Metalogue will notify Controller of changes to sub-processors with 30 days advance notice.

6. Data Subject Rights

Metalogue will assist Controller in responding to data subject requests (access, rectification, erasure, portability) through our administrative APIs and support channels.

7. Data Deletion

Upon termination of services, Metalogue will delete all Personal Data within 30 days, except as required by law. Controller may request a certificate of deletion.

8. GDPR Compliance

This DPA incorporates Standard Contractual Clauses (SCCs) for international data transfers where required by GDPR. Metalogue maintains EU-representative contact for GDPR inquiries.

9. Contact

For DPA inquiries and execution:
Email: dpa@metalogue.dev
Data Protection Officer: dpo@metalogue.dev