Pending counsel review · do not rely on this draft
This document is a working draft prepared by the product team. It is not a binding legal agreement until reviewed and approved by our counsel.
For the current operating draft, email legal@aura4.example.
Legal · draft
Data Processing Addendum
Last updated · 2026-05-28 (draft)
1. Scope and roles
[TO BE FILLED IN BY COUNSEL] Establish that Aura 4 acts as Processor for customer-uploaded content and as Controller for billing / account data.
2. Subject matter and duration
[TO BE FILLED IN BY COUNSEL]
3. Processing instructions
[TO BE FILLED IN BY COUNSEL]
4. Subprocessors
[TO BE FILLED IN BY COUNSEL] List mirrors /security § Subprocessors. 30-day pre-notification on additions or replacements.
5. Technical and organisational measures (TOMs)
[TO BE FILLED IN BY COUNSEL] Reference the controls described in /security verbatim — encryption, access control, audit logging, residency.
6. Data subject requests
[TO BE FILLED IN BY COUNSEL]
7. Personal data breach notification
[TO BE FILLED IN BY COUNSEL] 72-hour standard.
8. International transfers
[TO BE FILLED IN BY COUNSEL] EU SCCs and UK Addendum.
9. Audits and information
[TO BE FILLED IN BY COUNSEL]
10. Return and deletion of data
[TO BE FILLED IN BY COUNSEL]