Data Processing Agreement
This Data Processing Agreement ("DPA") governs how TerraBog Analytics processes personal data on behalf of our customers under GDPR, UK GDPR, CCPA/CPRA, PIPEDA, and other applicable data protection regulations. Last updated: March 25, 2026.
This Data Processing Agreement ("DPA") is entered into by and between the Customer identified in the applicable Order Form or Terms of Service ("Customer" or "Controller") and TerraBog Analytics, Inc., a Delaware corporation ("TerraBog" or "Processor"). This DPA is incorporated into and forms part of the TerraBog Terms of Service or other written agreement between Customer and TerraBog governing Customer's use of the Service ("Agreement"). This DPA sets forth the parties' obligations with respect to the processing and security of Customer Personal Data in connection with the Service. In the event of any conflict between this DPA and the Agreement, this DPA shall prevail with respect to the processing of Customer Personal Data.
1. Definitions
Controller
"Controller" means the entity that determines the purposes and means of the processing of Personal Data. In the context of this DPA, the Customer is the Controller of Customer Personal Data.
Processor
"Processor" means the entity that processes Personal Data on behalf of the Controller. TerraBog Analytics, Inc. acts as a Processor when processing Customer Personal Data as part of delivering the Service.
Customer Personal Data
"Customer Personal Data" means any personal data that is contained within data uploaded to, connected to, or otherwise ingested into the TerraBog Analytics platform by the Customer or its authorized users, including data processed through any of the 27 supported data connectors.
Sub-processor
"Sub-processor" means any third-party entity engaged by TerraBog to assist in fulfilling its obligations under this DPA that will have access to or process Customer Personal Data.
Data Protection Law
"Data Protection Law" means all applicable privacy and data protection legislation including, but not limited to, the EU General Data Protection Regulation (GDPR, Regulation 2016/679), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and their respective implementing regulations and guidance.
Personal Data Breach
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data transmitted, stored, or otherwise processed by TerraBog.
2. Scope and Purpose of Processing
Subject matter
TerraBog processes Customer Personal Data to provide the Service as described in the Agreement. The Service includes data ingestion (file upload and connector-based import), automated data pipeline processing (validation, cleaning, deduplication, normalization, PII detection and masking, canonicalization), data warehousing in Google BigQuery, dbt-powered transformations, BigQuery ML scoring, AI-powered insights via Claude AI, dashboard analytics, and outbound integrations configured by the Customer.
Categories of data subjects
Data subjects may include the Customer's end customers, prospects, employees, contractors, suppliers, and other individuals whose Personal Data is contained within the Customer's uploaded or connected datasets.
Types of Personal Data
Personal Data processed may include: names, email addresses, phone numbers, mailing addresses, transaction histories, purchase amounts, product preferences, IP addresses, device identifiers, and any other personal data contained in datasets uploaded or connected by the Customer.
Duration
Processing will continue for the duration of the Agreement plus the 30-day post-termination data export period. Following the export window, all Customer Personal Data will be permanently deleted from all TerraBog systems (BigQuery, Cloud SQL, and Google Cloud Storage) unless retention is required by applicable law.
3. Processing Obligations
Documented instructions
TerraBog will process Customer Personal Data only on documented instructions from the Customer, including with regard to international transfers. The Customer's use of the Service, configuration of data connectors, pipeline settings, and integration configurations constitute documented instructions. TerraBog will promptly inform the Customer if, in its reasonable opinion, an instruction infringes applicable Data Protection Law.
Confidentiality
TerraBog ensures that all personnel authorized to process Customer Personal Data are bound by appropriate obligations of confidentiality, whether by contract or statutory obligation, and have received appropriate training on data protection requirements.
Purpose limitation
TerraBog will not process Customer Personal Data for any purpose other than providing the Service in accordance with the Customer's documented instructions, unless required to do so by applicable law. In such cases, TerraBog will inform the Customer of that legal requirement before processing, unless prohibited by law from doing so.
Data minimization
TerraBog processes only the Customer Personal Data necessary to deliver the Service. The platform's automated PII detection identifies credit card numbers (via Luhn algorithm validation), Social Security Numbers, and bank account numbers, and automatically masks such data before storage unless the Customer has configured alternative handling.
4. Security Measures
Encryption at rest
All Customer Personal Data stored in Google BigQuery, Cloud SQL (PostgreSQL), and Google Cloud Storage is encrypted at rest using Google-managed encryption keys (AES-256). Enterprise customers may request Customer-Managed Encryption Keys (CMEK) for additional control over key lifecycle management.
Encryption in transit
All data transmitted between the Customer's browser and the Service, between internal microservices (API, Worker, Web), and between the Service and Google Cloud infrastructure is encrypted using TLS 1.2 or higher.
Access control
TerraBog enforces strict tenant isolation via tenant_id-based row-level security across all data stores. User authentication is handled via JWT tokens. The platform supports Google OAuth, GitHub OAuth, Enterprise SSO (Azure AD, Okta), SCIM 2.0 provisioning, multi-factor authentication (TOTP), and IP allowlist enforcement (Enterprise plans).
Infrastructure security
The Service is hosted on Google Cloud Platform in the us-central1 region. The application runs on Cloud Run (fully managed serverless containers). Infrastructure is provisioned and managed via Terraform with version-controlled configurations. Network access is restricted via VPC configuration with private-ranges-only egress for backend services.
Audit logging
All security-relevant events are recorded in append-only audit logs, including authentication attempts, role changes, data access, pipeline executions, data exports, and administrative actions. Audit logs are retained for 12 months by default and up to 7 years on Enterprise plans.
Breach notification
In the event of a confirmed Personal Data Breach, TerraBog will: (a) notify the Customer without undue delay and no later than 72 hours after becoming aware of the breach; (b) provide sufficient information to allow the Customer to meet its own notification obligations under applicable Data Protection Law; (c) take reasonable steps to mitigate the effects of the breach; and (d) cooperate with the Customer's investigation and remediation efforts.
Security assessments
TerraBog undergoes annual penetration testing by accredited third-party security firms and maintains SOC 2 Type II certification. Copies of the most recent SOC 2 report and penetration testing summary are available to Enterprise customers under mutual NDA.
5. Sub-processors
General authorization
The Customer provides general written authorization to TerraBog to engage sub-processors for the provision of the Service. TerraBog will impose data protection obligations on each sub-processor that are no less protective than those set out in this DPA, and TerraBog remains fully liable for the acts and omissions of its sub-processors.
Current sub-processors
TerraBog's current sub-processors are: Google Cloud Platform (infrastructure -- Cloud Run, BigQuery, Cloud SQL, Google Cloud Storage; location: us-central1, Iowa, USA), Stripe, Inc. (payment processing; location: USA), Resend, Inc. (transactional email delivery; location: USA), and Clerk, Inc. (authentication and identity management; location: USA). The complete and current sub-processor list is maintained at terraboganalytics.com/legal/sub-processors.
Change notification
TerraBog will notify the Customer via email and in-product notification of any intended addition or replacement of sub-processors at least 30 days before the new sub-processor begins processing Customer Personal Data. The notification will include the sub-processor's name, location, and description of processing activities.
Objection right
The Customer may object to the appointment of a new sub-processor by notifying TerraBog in writing within 15 days of receiving the notification. TerraBog will use commercially reasonable efforts to make available to the Customer an alternative arrangement that avoids the use of the objected-to sub-processor. If no alternative is reasonably available, either party may terminate the affected portion of the Service upon 30 days' written notice.
6. International Data Transfers
Data residency
Customer Personal Data is processed and stored in Google Cloud Platform's us-central1 region (Council Bluffs, Iowa, USA). All primary data stores -- BigQuery (data warehouse), Cloud SQL (metadata database), and Google Cloud Storage (file storage) -- are located in this region.
Transfer mechanisms
For transfers of Customer Personal Data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States, TerraBog relies on: (a) the EU-U.S. Data Privacy Framework (DPF) and UK Extension to the DPF, where applicable; and (b) the EU Standard Contractual Clauses (SCCs) in the form approved by the European Commission (Implementing Decision 2021/914), incorporated into this DPA by reference as a fallback mechanism.
Supplementary measures
TerraBog has conducted transfer impact assessments for all international transfers and has implemented supplementary technical measures including encryption in transit (TLS 1.2+), encryption at rest (AES-256 via Google-managed keys), strict access controls, and comprehensive audit logging. TerraBog will promptly notify the Customer if it receives a government access request that relates to Customer Personal Data, unless prohibited by law.
Canadian transfers
For transfers involving personal information of Canadian residents, TerraBog ensures compliance with PIPEDA cross-border transfer requirements by maintaining comparable levels of protection through contractual obligations and the technical measures described in this DPA.
7. Data Subject Rights
Assistance with requests
TerraBog will provide reasonable and timely assistance to the Customer in responding to requests from data subjects exercising their rights under applicable Data Protection Law (including rights of access, rectification, erasure, restriction, portability, and objection), taking into account the nature of the processing and the information available to TerraBog.
Redirect of direct requests
If TerraBog receives a data subject request that relates to Customer Personal Data directly from a data subject, TerraBog will promptly (and in any event within 5 business days) notify the Customer and refer the data subject to the Customer, without responding to the request directly unless legally required to do so.
Data deletion and return
Upon termination of the Agreement or upon the Customer's written request, TerraBog will, at the Customer's election: (a) return all Customer Personal Data in a structured, machine-readable format (JSON or CSV); or (b) permanently delete all Customer Personal Data from BigQuery, Cloud SQL, and Google Cloud Storage. TerraBog will certify in writing that deletion has been completed. Deletion will be carried out within 30 days of the request, except where retention is required by applicable law.
Data protection impact assessments
TerraBog will provide reasonable assistance to the Customer in conducting data protection impact assessments and prior consultations with supervisory authorities, to the extent required under applicable Data Protection Law and taking into account the nature of the processing and the information available to TerraBog.
8. Audit Rights
Audit information
TerraBog will make available to the Customer all information reasonably necessary to demonstrate compliance with the obligations set out in this DPA, including copies of relevant certifications (SOC 2 Type II report), penetration testing summaries, and internal policy documentation.
On-site audits
The Customer may conduct, or engage a qualified independent third-party auditor to conduct, an audit of TerraBog's processing activities and security measures, subject to: (a) at least 30 days' advance written notice; (b) a mutually agreed scope and schedule; (c) confidentiality obligations binding the auditor; and (d) a limit of one audit per 12-month period (unless a Personal Data Breach has occurred or a supervisory authority requires an additional audit). TerraBog will cooperate with reasonable audit requests at no additional charge.
Regulatory cooperation
TerraBog will cooperate with and assist the Customer in responding to inquiries or investigations by data protection supervisory authorities relating to the processing of Customer Personal Data under this DPA.
9. General Provisions
This DPA shall be governed by the laws of the State of California, without regard to its conflict of law provisions, except that the Standard Contractual Clauses incorporated herein shall be governed by the law of the EU Member State in which the Controller is established.
This DPA shall remain in effect for the duration of the Agreement and shall automatically terminate upon the deletion of all Customer Personal Data in accordance with this DPA. Sections 4 (Security Measures), 7 (Data Subject Rights), and 8 (Audit Rights) shall survive termination of this DPA to the extent necessary to give effect to the rights and obligations described therein.
If any provision of this DPA is found to be unenforceable, the remaining provisions shall remain in full force and effect. This DPA may be amended only by a written instrument signed by both parties or, with respect to the Standard Contractual Clauses, as required by applicable Data Protection Law.