Dexterion

DATA PROCESSING ADDENDUM (DPA)

Effective Date: 2/15/26
Governing Law: State of Indiana, United States

1. Purpose

This Data Processing Addendum (“DPA”) supplements the Software License Agreement between Dexterion (“Processor”) and the Licensee (“Controller”).

This DPA governs the processing of Personal Data in connection with the Software.

2. Roles of the Parties

• Licensee acts as Data Controller.
  
  

• Dexterion acts as Data Processor.
  
  

Dexterion processes Personal Data solely on documented instructions from Licensee.

3. Scope of Processing

Processing activities may include:

• Storage
  
  

• Organization
  
  

• Retrieval
  
  

• Structured analysis
  
  

• Transmission via APIs
  
  

• Secure deletion
  
  

Processing is limited to internal business operations of the Licensee.

4. Security Measures

Dexterion implements:

• Encryption in transit (TLS 1.2+)
  
  

• Encryption at rest (AES-256)
  
  

• Access controls (least privilege)
  
  

• Authentication safeguards
  
  

• Continuous monitoring
  
  

• Secure infrastructure architecture
  
  

5. Subprocessors

Dexterion may engage vetted subprocessors for infrastructure or hosting.

All subprocessors are contractually bound to:

• Confidentiality
  
  

• Equivalent security standards
  
  

• Lawful data handling obligations
  
  

A subprocessor list is available upon request.

6. Data Subject Rights

Dexterion will assist Licensee, where reasonably possible, in responding to:

• Access requests
  
  

• Rectification requests
  
  

• Deletion requests
  
  

• Restriction requests
  
  

• Data portability requests
  
  

7. Data Breach Notification

In the event of a confirmed Personal Data breach:

• Licensee will be notified without undue delay.
  
  

• Relevant details will be provided as legally required.
  
  

• Immediate remediation steps will be initiated.
  
  

8. Data Retention & Deletion

Upon termination:

• Personal Data will be returned or securely deleted upon request.
  
  

• Deletion will follow industry-standard secure destruction practices.
  
  

9. International Transfers

Where applicable, appropriate safeguards will be implemented for cross-border transfers in accordance with GDPR requirements.

10. Liability

Liability is governed by the Software License Agreement.