1. Parties
This DPA is between you ("Controller") and Kagliostro Inc. ("Processor"). It is incorporated into the Terms of Service automatically upon account creation.
2. Subject matter
Processor will process Controller's personal data solely to provide the Kagliostro Cloud security platform.
3. Duration
Coextensive with the Terms of Service.
4. Nature & purpose
Vulnerability detection, prioritization, auto-remediation, reporting and storage of related metadata.
5. Categories of data subjects
Controller's employees, contractors and end users insofar as their data appears in scanned systems.
6. Categories of data
Source code, configuration files, scan findings, account identifiers, audit logs.
7. Sub-processors
Listed at /sub-processors. Controller is notified 30 days before any addition or change.
8. Security measures
AES-256 at rest, TLS 1.3 in transit, role-based access, MFA on all admin accounts, SOC 2 Type II audited annually.
9. International transfers
EU data stays in the EU. Any transfer outside the EEA is covered by Standard Contractual Clauses (2021/914).
10. Audits
Processor provides SOC 2 and ISO 27001 reports annually. On-site audits available for Enterprise customers under NDA.
Download
A counter-signed PDF copy is available at legal@kagliostro.cloud.

