0h1bai.co
Legal

Data Processing Agreement

Last updated · 2026-05-19 · v0.1 (stub — counsel-reviewed version publishes before GA)

1. Roles

For data the Platform processes on behalf of your child company, the child company is the Controller and 0h1bai is the Processor.

2. Subject matter

Operation of your child company under the Platform's services, including agent-driven product, support, marketing, finance, and compliance activities.

3. Duration

For the duration of the Master Subscription Agreement.

4. Sub-processors

Listed publicly at /trust. We notify you 30 days before adding a sub-processor. You may object; we will work with you in good faith on alternatives.

5. Security measures

Per-tenant database schema, envelope encryption with per-tenant DEK wrapped by per-tenant KEK wrapped by platform root KEK in AWS KMS, TLS 1.3 in transit, append-only audit log with cryptographic chaining.

6. Sub-processor flow-down

Each sub-processor is bound by contractual obligations no less protective than those in this DPA.

7. Standard Contractual Clauses

Where personal data leaves the EEA / UK, the EU 2021/914 SCCs (as amended) and the UK IDTA apply.

8. Breach notification

Within 72 hours of awareness.

v0.1 stub — counsel-reviewed and counter-signable version publishes before GA.