Updated June 2026

Data Processing Addendum

A plain-language summary of how NeuDocs processes personal data on your firm's behalf. This summary is not itself the binding agreement — a signed DPA governs production data.

Roles

The customer (the firm) is the data controller for its clients' personal data and documents. NeuDocs is the data processor, processing that data only on the customer's documented instructions to provide the service.

Scope of processing

Subject matter: secure collection, storage, review, and export of documents the customer's clients upload. Data subjects: the customer's staff and clients. Categories of data: contact details and the contents of uploaded documents. Duration: the term of the customer's use, plus the retention window the customer configures.

Security measures

NeuDocs maintains the technical and organisational measures described on the Security Overview and Trust pages, including tenant isolation, mandatory staff MFA, encryption in transit, private storage with short-lived signed URLs, malware scanning of uploads, and an append-only audit log.

Subprocessors

NeuDocs uses the subprocessors listed on the Subprocessors page, and will make a reasonable effort to notify customers of material changes to that list.

Deletion and return

Customers can permanently delete a client's or request's data — database records and stored files — from within the product at any time, and can configure automatic retention so closed requests are purged on a schedule. On termination, the customer may export their audit log and request deletion of remaining data, subject to backup expiry.

Breach notification

NeuDocs will notify affected customers without undue delay after becoming aware of a personal-data breach affecting their data — where feasible within 72 hours — with the information reasonably available at the time.

Requesting the signed DPA

Need a counter-signed DPA for your records? Email support@neudocs.app and we'll provide the binding agreement for signature.