Data Processing Agreement

Vendor: [Your Name], RuleCheck Date: [To be completed on signing] 1. Data Processing Vendor processes files provided by Client for the sole purpose of compliance checking. 2. Data Security Vendor implements: - Encryption in transit (TLS 1.3 via Render.com) - Encryption at rest (AES-128-CBC, Fernet symmetric encryption) - Automatic deletion (24 hours — files are processed in memory and not written to disk by default) - Audit logging (90-day retention) 3. No Storage Files are not stored permanently. File content is processed in memory only. Run metadata (matter name, forum, score, timestamp) is retained in an audit log for 90 days. 4. Subprocessors Vendor uses Render.com and Cloudflare as infrastructure partners. 5. Breach Notification Vendor notifies Client of any data breach within 48 hours. 6. Audit Rights Client may request the audit log of their data processing at any time. 7. Term This agreement is effective for the duration of Client's use. Signed: ____________________ Date: _____________________