Data processing addendum

Operator. Kagliostro Cloud is operated by KAMALOKA AI TECHNOLOGIES LLC ("Kamaloka", "we", "us"). Registered in Delaware, United States. Contact: legal@kagliostro.io.

This Data Processing Addendum ("DPA") is incorporated into the Terms of Service between Kamaloka AI Technologies LLC ("Processor") and the Customer ("Controller") when personal data is processed in connection with the Service.

1. Subject matter

The Processor processes personal data on behalf of the Controller as necessary to deliver the Service: scan data, user accounts, audit logs.

2. Duration

For the duration of the Agreement, plus a maximum 30 days deletion window upon termination.

3. Nature and purpose

Security scanning, monitoring, vulnerability remediation, AI-assisted analysis, and reporting.

4. Categories of data subjects

Customer end users, Customer employees, and individuals appearing in scanned content.

5. Security measures

Encryption (AES-256 at rest, TLS 1.3 in transit), least-privilege access, audit logging, employee security training, SOC 2 Type II compliance.

6. Subprocessors

Customer authorizes the use of subprocessors listed at /subprocessors. 30 days notice for material changes.

7. International transfers

For data exported from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.

8. Breach notification

The Processor will notify the Controller of a personal data breach without undue delay and within 72 hours of becoming aware.

9. Audit

The Processor will make available evidence of compliance (SOC 2, penetration tests) and, with reasonable notice, allow audits.

To execute a signed DPA, email legal@kagliostro.io.