PUBLIC WEBSITE
← Trust Center

Privacy · ReguShield AI

Data Processing Agreement

Version 1.0.0Effective 2026-06-28published
Issued by ReguShield UAB, a private limited liability company (uždaroji akcinė bendrovė) incorporated in the Republic of Lithuania (EU), operator of the ReguShield AI platform. Maturity, where stated, is labelled Implemented (live today), Planned (in progress) or Roadmap (intended, not yet in place). This document is compliance decision-support documentation, not legal advice.

This Data Processing Agreement ("DPA") forms part of the agreement between the Customer ("Controller") and ReguShield UAB ("Processor") and governs Processor's processing of personal data under Article 28 of the GDPR.

1. Parties

This agreement is entered into between ReguShield UAB, a private limited liability company (uždaroji akcinė bendrovė) incorporated in the Republic of Lithuania and operator of the ReguShield AI platform ("Provider"), and the Customer, trading as the Customer, established in the Customer's jurisdiction (company registration as recorded at registration) ("Customer"), acting through the Customer's authorised representative, authorised signatory (the registered contact email). Provider and Customer are each a "party".

2. Subject Matter, Nature & Duration

Processor processes personal data contained in the Controller's workspace solely to provide the ReguShield AI platform (ingesting operational/transaction records and producing compliance analysis, scoring and reporting) for the duration of the agreement. Data subjects may include the Controller's customers, counterparties and personnel; data categories are those the Controller chooses to upload.

3. Processor Obligations

Processor processes personal data only on the Controller's documented instructions; ensures persons authorised to process are bound by confidentiality; implements the security measures in clause 5; and assists the Controller, taking into account the nature of processing, with data-subject requests and with its obligations under GDPR Articles 32–36.

4. Sub-processors

The Controller authorises the sub-processors listed in the Trust Center sub-processor register (currently Supabase, Vercel, Resend and OpenAI). Processor imposes equivalent data-protection obligations on each sub-processor and will give the Controller prior notice of any intended addition or replacement, allowing a reasonable opportunity to object.

5. Security Measures (TOMs)

Technical and organisational measures include: encryption in transit (TLS 1.3) and at rest (AES-256); tenant isolation enforced by PostgreSQL row-level security keyed to the workspace owner; role-based access control; append-only audit trails; server-side secret management; and EU data residency. These are described, with maturity status, in the Security Statement.

6. Personal Data Breach & Assistance

Processor notifies the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data, with the information reasonably available to support the Controller's own notification obligations.

7. International Transfers

Where a sub-processor processes data outside the EEA, the transfer is made under the European Commission's Standard Contractual Clauses together with appropriate supplementary measures. Hosting of Controller workspace data is in the EU.

8. Return & Deletion

On termination, at the Controller's choice, Processor returns or deletes the personal data it processes on the Controller's behalf, save where retention is required by EU or member-state law.

Governing Law & Jurisdiction

This agreement is governed by the laws of the Republic of Lithuania and the directly applicable law of the European Union, without prejudice to mandatory consumer or data-protection rights available to the Customer in the Customer's jurisdiction. The courts of the Republic of Lithuania have jurisdiction, subject to any mandatory rule conferring jurisdiction elsewhere.

Document Control

Agreement ID RS-AGR-DATAPR-359E13F10FEC · Version 1.0.0 · Effective 2026-06-28 · Reference PUBLISHED. Issued by ReguShield UAB (hello@regushield.ai). This document is compliance decision-support documentation and is not legal advice; obtain qualified advice before reliance.

Decision-support, not legal advice. Questions? hello@regushield.ai.