1. Overview
TrustLoop provides a Data Processing Addendum (DPA) for customers who require GDPR-style controller/processor terms and related privacy commitments.
2. Request the DPA
To request our current DPA template (and any required exhibits such as a subprocessor list), email trustloop@thenudge.ai.
3. What it covers (high level)
- Roles (customer as controller, TrustLoop as processor)
- Security measures and confidentiality commitments
- Subprocessors and subprocessor notification process
- International transfer mechanisms where required (e.g., SCCs)
- Support for data subject rights requests (access, deletion, export)
4. Data retention (default vs enterprise options)
TrustLoop’s default posture is to retain in-product data while accounts are active to support longitudinal insights. For certain enterprise customers, a different retention schedule can be agreed by contract (Order Form and/or executed DPA).