Data Processing Addendum (DPA)
Last updated: 2026-06-27. This DPA forms part of the Terms between Samqor, Inc. ("Processor") and the Customer ("Controller").
1. Roles & scope
For Customer Data, the Customer is the Controller and Samqor is the Processor, processing only on documented instructions to provide the service.
2. Subject matter & duration
Processing covers the personal data within Customer Data for the duration of the subscription and any wind-down/export period.
3. Confidentiality & security
Personnel are bound by confidentiality. Samqor implements appropriate technical and organisational measures: encryption (in transit/at rest for sensitive fields), tenant isolation (RLS), access controls (RBAC, least privilege), audit logging, and vulnerability management.
4. Sub-processors
The Customer authorises the sub-processors listed at /subprocessors. We provide notice of changes and a right to object.
5. Data subject requests
Samqor provides self-service export and erasure tooling (Settings → Privacy & Data) and assists the Controller in responding to data-subject requests.
6. International transfers
Where applicable, transfers rely on Standard Contractual Clauses or equivalent safeguards.
7. Breach notification
Samqor notifies the Controller without undue delay after becoming aware of a personal-data breach affecting Customer Data.
8. Deletion & return
On termination, Customer Data is deleted or returned per the Controller's instruction, subject to legal retention.
9. Audits
Samqor makes available information necessary to demonstrate compliance and supports audits subject to reasonable notice and confidentiality.
To execute a signed DPA, contact legal@samqor.com.