Standard DPA that supplements our Terms of Service for customers subject to GDPR, UK-GDPR, DPDP, or similar data-protection regulation.
This Data Processing Agreement ('DPA') forms part of the Master Service Agreement between DTRAS-G Solutions Private Limited. ('Processor') and the customer entity ('Controller') and governs the processing of Personal Data carried out by the Processor on the Controller's behalf.
In the event of conflict between the DPA and the MSA, the DPA controls with respect to data-protection matters.
The Processor processes Personal Data submitted by the Controller for the sole purpose of providing the ShieldMind security platform — endpoint telemetry, AI prompt scanning, threat detection, compliance reporting, and the agreed sub-functions.
Processing continues for the duration of the MSA. Upon termination, the Processor returns or deletes Personal Data within 30 days unless retention is required by law.
Nature: collection, storage, structuring, analysis, blocking, deletion of telemetry related to security events.
Purpose: detection of security threats and policy violations on Controller-owned endpoints; production of compliance evidence.
Employees, contractors, and other authorized users of the Controller whose devices have the ShieldMind agent installed.
End-users interacting with Controller-operated AI agents that are protected by the ShieldMind AI Agent Firewall.
Identifiers: device IDs, user accounts, email addresses, IP addresses.
Activity: process executions, file events, network connections, browser URLs, clipboard content, AI prompts (when policy allows).
Special-category data may be present if the Controller's users include such data in prompts or files; the Controller is responsible for legal basis.
Process Personal Data only on documented instructions from the Controller.
Ensure personnel with access are bound by confidentiality obligations.
Implement appropriate technical and organisational security measures (see Annex II).
Engage sub-processors only with prior general authorisation (current list at shieldmind.io/legal/sub-processors).
Assist the Controller in fulfilling Data Subject requests within the legally required time frame.
Notify the Controller of any Personal Data breach without undue delay and within 72 hours of becoming aware.
For transfers outside the EEA, UK, or other jurisdictions with adequacy requirements, the parties rely on Standard Contractual Clauses (Module 2: Controller to Processor) which are incorporated by reference into this DPA.
The Controller may, no more than once per year, request an audit of the Processor's compliance with this DPA.
The Processor's annual SOC 2 Type II report is provided in lieu of customer audits in most cases.
Reasonable notice (30 days) and confidentiality apply to any on-site audit.
Liability under this DPA is subject to the limitation-of-liability clauses in the MSA. This DPA terminates simultaneously with the MSA.
See the live list at shieldmind.io/legal/sub-processors, updated as relationships change. Material changes notified to the Controller at least 30 days in advance.
Encryption: AES-256 at rest, TLS 1.3 in transit, cert-pinned agent uploads.
Access control: role-based, MFA-enforced for all employees, least-privilege by default, quarterly access reviews.
Monitoring: centralised logging, automated anomaly detection, 24/7 on-call rotation.
Resilience: multi-AZ deployment, daily backups, documented disaster-recovery plan tested annually.
Vendor management: all sub-processors contractually bound to equivalent obligations.
Questions about this document? Email bd@dtrasglobal.com — we reply within 2 business days.