Data Processing Addendum

Last updated: January 11, 2026

This Data Processing Addendum ("DPA") forms part of the Terms of Service between Riskfend Ltd ("Riskfend") and the User ("Customer").

I. DEFINITIONS

"Personal Data", "Processing", "Controller", and "Processor" shall have the meanings given to them in the UK GDPR and EU GDPR.

II. ROLES AND SCOPE

  • Roles: Customer acts as a Data Controller and Riskfend acts as a Data Processor regarding the Personal Data processed in the course of providing the Service.
  • Scope: This DPA applies to the processing of account metadata (email), technical usage logs (IP addresses), and any personal identifier contained within dependency data explicitly submitted for AI Guidance.

III. DATA PROCESSING OBLIGATIONS

Riskfend shall:

  • Process Personal Data only on documented instructions from the Customer.
  • Ensure that persons authorized to process the data have committed themselves to confidentiality.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Assist the Controller in responding to requests for exercising data subject rights.
  • Notify the Controller without undue delay after becoming aware of a personal data breach.

IV. SUB-PROCESSORS

Customer provides a general authorization for Riskfend to engage sub-processors (e.g., DeepSeek for AI processing, payment processors). Riskfend shall remain liable for the performance of its sub-processors' obligations.

V. DATA TRANSFERS

Personal data may be transferred outside the UK or EEA. Riskfend ensures such transfers are subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs) where required.

VI. DELETION OR RETURN

Upon termination, Riskfend shall, at the choice of the Customer, delete or return all personal data, unless applicable law requires storage.

Questions about our DPA? Contact us at support@riskfend.com