Data Processing Agreement

Aligns with GDPR Art. 28 and DPDP Act §13. Covers personal data processed both via Security Brigade's platforms and during service engagements (VAPT, audits, incident response).

When you need this

If Security Brigade processes personal data on your behalf — whether through our Sentinel platform, a managed-services engagement, or a one-off security assessment — this DPA governs how we handle that data. It incorporates into your underlying Master Services Agreement (MSA) by reference: signing the MSA constitutes execution of this DPA. No separate signature is required.

What's inside

• 1. Background and definitions
• 2. Scope and roles
• 3. Processor obligations
• 4. Sub-processor regime
• 5. International transfers
• 6. Personal data breach
• 7. Data subject rights assistance
• 8. DPIA and consultation assistance
• 9. Audit and inspection
• 10. Term, termination, and destruction
• 11. Liability
• 12. Miscellaneous (governing law, conflicts, incorporation)
• Annex A — Subject matter, duration, nature, purpose
• Annex B — Technical and organisational security measures
• Annex C — Approved sub-processors
• Annex D — Standard Contractual Clauses (reference)

Need redlines or have your own DPA?

We routinely negotiate redlines and accept customer-provided DPAs. Email [email protected] with your draft or your requested changes — we'll respond within two business days.