Legal

Data Processing Addendum

Last updated: placeholder. Awaiting legal review.

This page is a placeholder. The Iris Platform DPA covers Article 28 GDPR requirements with a UK addendum and the EU Standard Contractual Clauses.

Headline commitments

• Customer is the data controller; Iris is the data processor.
• Processing is performed only on documented instructions from the customer.
• EU or US data residency at signup (Inbox / Automate); EU / US / AU dedicated tenants on Operate.
• Sub-processor list is published and changes are notified in advance.
• Notification of personal-data breaches without undue delay.
• Assistance with DSARs, DPIAs and supervisory-authority enquiries.
• Deletion or return of personal data on termination.

Customers and prospective customers can request the executable DPA and the current sub-processor list via our contact form.