Data Processing Addendum

1. Scope

This document outlines the data processing terms between ελέα services and enterprise customers. It supplements our Terms of Service and Privacy Policy and details how customer data is handled.

2. Data Security Measures

  • 256-bit AES encryption for stored data
  • Real-time TLS encryption for data in transit
  • Biweekly security audits with SOC 2 Type II attestation
  • Multi-factor authentication for all customer accounts

3. Compliance Frameworks

We maintain certifications and compliance with:

  • ISO/IEC 27001 (Information Security Management)
  • GDPR (General Data Protection Regulation)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • California Consumer Privacy Act (CCPA)

4. Data Subject Rights

We support:

  • Right to access or delete personal data
  • Right to portability (data export) in CSV or JSON format
  • Right to object to data processing

Processing requests are fulfilled within 72 hours.

5. Incident Response

Our breach notification policy includes:

  • 72-hour disclosure to affected customers
  • Free credit monitoring for 12 months on breach claims
  • Dedicated security liaison for enterprise clients

6. Data Retention

Customer data is:

  • Stored until service cancellation
  • Purged within 30 days unless retention is mandated by law
  • Backed up in EU and US regional data centers

This Data Processing Addendum is a legal agreement. For enterprise clients, a signed DPA must be completed to confirm service terms. Contact legal@eleara.org for formal documentation.