@extends('layouts.app') @section('title', 'Veriqo - Data Processing Agreement') @section('content')

Data Processing Agreement

Enterprise-grade compliance for executive decision intelligence

Last Updated: October 1, 2025

Payment Terms

  • Data Controller: Customer (you)

  • Data Processor: Digital Pulse 365 Ltd. (trading as VERIQO), registered at 128 City Road, London, EC1V 2NX, UK

Scope & Purpose

This DPA governs the processing of personal data submitted via VERIQO’s AI decision platform. Processing is strictly limited to:

  • Authentication (email address)

  • Payment processing (via Stripe)

  • Delivery of AI-generated strategic analysis

Query content is NOT processed as personal data under this agreement, as it is deleted within 60 seconds and never stored.

Data Processing Principles

  • Lawfulness: Processing only as instructed by Controller

  • Purpose Limitation: No use beyond service delivery

  • Data Minimization: Only essential data collected

  • Storage Limitation: All data deleted per retention policy

  • Zero Retention: Strategic queries deleted within 60 seconds

Security Measures

VERIQO implements and maintains appropriate technical and organizational measures:

  • Encryption of data in transit (TLS 1.3)

  • Secure processing environment with no persistent storage

  • Regular security testing and vulnerability scanning

  • Access controls and authentication (MFA for staff)

  • SOC 2 Type II compliance (in progress)

  • Annual third-party penetration testing

Sub-Processors

VERIQO uses the following sub-processors:

  • Stripe: processing (GDPR-compliant)

  • AWS: Cloud infrastructure (EU/UK regions only)

  • Auth0:Identity management (enterprise plans)

Customers will be notified of new sub-processors with 30 days to object.

Data Subject Rights

VERIQO will assist the Controller in fulfilling data subject requests, including:

  • Access, rectification, erasure

  • Restriction of processing

  • Data portability (limited to account metadata)

Note: Query content is not retained and cannot be retrieved.

International Transfers

All data processing occurs within the UK or EU. No transfers to third countries.

Audit & Compliance

VERIQO will:

  • Provide annual compliance reports

  • Allow Controller audits with 30 days notice

  • Maintain records of processing activities

Term & Termination

This DPA remains in effect while the VERIQO service is active. Upon termination:

  • All personal data will be securely deleted within 30 days

  • No backups or copies retained

@endsection