This Data Processing Addendum (“DPA”) forms part of the agreement between the customer (“Customer”, the controller) and Vijnara (the processor) for the provision of the Service. It reflects the parties' obligations under applicable data-protection laws, including the GDPR and UK GDPR. It supplements our Privacy Policy and is governed by the Terms of Use.
This DPA applies where Vijnara processes personal data contained in Customer Data on behalf of the Customer in connection with the Service. As between the parties, the Customer is the controller (or processor acting for another controller) and Vijnara is the processor. Vijnara processes personal data only on the Customer's documented instructions, including as set out in this DPA and the Agreement.
Terms such as “controller”, “processor”, “data subject”, “personal data”, “processing” and “supervisory authority” have the meanings given in applicable data-protection law. “Customer Data” means the documents, files and data the Customer connects to or submits through the Service. “Sub-processor” means a third party engaged by Vijnara to process personal data.
Vijnara will:
The Customer is responsible for the lawfulness of the personal data it provides and the instructions it gives, for having a valid legal basis for the processing, for providing any required notices to data subjects, and for configuring the access controls that govern retrieval within the Service.
The Customer authorizes Vijnara to engage sub-processors (such as cloud hosting, infrastructure and model providers) to process personal data, provided that Vijnara imposes data-protection obligations no less protective than this DPA and remains responsible for their performance. Vijnara maintains a current list of sub-processors, available to the Customer on request, and will give reasonable notice of intended changes so the Customer may object on legitimate grounds.
Vijnara maintains technical and organizational measures designed to protect personal data, including encryption in transit and at rest, role- and department-based access controls, least-privilege internal access, audit logging, network and application security controls, and monitoring. Our architecture is built to align with frameworks such as SOC 2, ISO 27001, GDPR and HIPAA; specific certifications depend on the deployment configuration.
Where Vijnara transfers personal data across borders, it does so using an appropriate transfer mechanism, such as the Standard Contractual Clauses or equivalent safeguards, together with supplementary measures where required. Customers requiring data residency may discuss private or in-region deployment options with Vijnara.
Taking into account the nature of the processing, Vijnara will assist the Customer by appropriate technical and organizational measures, insofar as possible, to respond to requests from data subjects exercising their rights. If Vijnara receives a request directly, it will, where permitted, refer the data subject to the Customer rather than responding on the Customer's behalf.
Vijnara will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer personal data, and will provide information reasonably available to assist the Customer in meeting its own notification obligations. Notification is not an acknowledgment of fault or liability.
Vijnara will make available information reasonably necessary to demonstrate compliance with this DPA, and will allow for and contribute to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer, subject to reasonable confidentiality, scheduling and security conditions. Where available, third-party certifications and audit reports may be provided to satisfy audit requests.
On termination or expiry of the Agreement, Vijnara will, at the Customer's choice, delete or return Customer personal data and delete existing copies, unless retention is required by law. Backups are deleted in the ordinary course in line with documented retention schedules.
To request this DPA as a signable document, our sub-processor list, or our security documentation, contact us: