Data Processing Agreement
Standard contractual clauses for GDPR compliance and data protection.
OmegaEngine DPA
Version 2.0 — January 2026
1. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person as defined in the GDPR. "Processing" means any operation performed on Personal Data. "Controller" means the entity determining the purposes and means of Processing. "Processor" means the entity Processing Personal Data on behalf of the Controller.
2. Scope of Processing
OmegaEngine processes decision metadata on behalf of the Customer. Decision payloads may contain Personal Data depending on the Customer's use case. OmegaEngine acts as a Processor when handling such data.
3. Data Security
- • All data encrypted at rest with AES-256
- • All data encrypted in transit with TLS 1.3
- • Access controls with role-based permissions
- • Regular security audits and penetration testing
- • SOC 2 Type II certified
4. Sub-processors
OmegaEngine uses the following sub-processors: AWS (infrastructure), Stripe (billing), Datadog (monitoring). Customer will be notified of any changes to sub-processors with 30 days notice.
5. Data Retention
Decision audit trails are retained for 90 days by default. Enterprise customers may configure custom retention periods. Data is permanently deleted upon account termination upon request.
6. Data Subject Rights
OmegaEngine will assist Customer in responding to data subject requests including access, rectification, erasure, and portability. Requests should be directed to privacy@omegaengine.ai.