Data Processing Agreement

Processing of customer workspace content to provide the Juxto platform.

Duration is the term of the customer subscription plus a deletion or return period of 30 days.

Hosting, storage, access control, sharing, support, and security for customer workspaces.

No analytics or advertising processing is performed by default.

• Customer account and user identifiers (name, email).
• Workspace content: subject records, case records, images, and derived metadata.
• Usage and security logs (IP address, timestamps).

• Customer users and administrators.
• End customers or contacts whose information is included in workspace content.
• Third parties captured in customer content.

We process data only on documented instructions from the customer, including through configuration of the service.

Personnel with access to data are bound by confidentiality obligations.

We implement technical and organizational measures described in the Security & TOMs document.

We regularly review and improve these measures.

Approved subprocessors are listed in the Subprocessor List.

We will notify customers of material changes and allow reasonable objections.

If processing involves transfers outside the EEA or Switzerland, we rely on SCCs or adequacy decisions.

We assist customers with data subject requests, DPIAs, and consultations as required by law.

We will notify customers of personal data breaches without undue delay.

Upon termination, customers may export data and request deletion without undue delay. Backups follow a rolling schedule and are removed within 30 days.

We will delete or return data unless retention is legally required.

Customers may audit compliance with reasonable notice and frequency, subject to confidentiality and security safeguards.