Data Processing Agreement
Last Updated: January 2026
This Data Processing Agreement supplements the service agreement between SolidusGrid Ltd (“Processor”) and its clients (“Controller”) and governs processing of personal data to deliver infrastructure services. SolidusGrid Ltd is incorporated and headquartered in Chișinău, Republic of Moldova and complies with the Republic of Moldova Law on Personal Data Protection, the UK GDPR, the Data Protection Act 2018, and other applicable data protection laws depending on the data subject's location.
Processing Scope
The Processor handles client data to deliver verification, trust & safety, and RLHF operations. Categories include contact and CRM data, user-generated content, behavioral signals, onboarding documentation, and service performance logs. The duration of processing aligns with the client agreement plus any required retention periods.
Client Instructions & Controls
- The Processor acts solely on documented instructions, including scope, retention, and deletion requirements.
- The Processor maintains data mapping, audit trails, and approval workflows for each processing activity.
- The Controller may audit workflows or request evidence of compliance, subject to reasonable notice and fees.
Security Measures
We implement technical and organizational safeguards commensurate with the risk, including multi-tenant isolation, role-based access, encryption in transit and at rest, endpoint protection, logging/monitoring, and SOC 2 Type II controls.
Subprocessors & Transfers
The Processor may engage subprocessors (e.g., platform providers, analytics partners). Subprocessor contracts mirror these data protection obligations. The Controller will receive notice of new subprocessors and can object in writing. Cross-border transfers rely on adequacy decisions or Standard Contractual Clauses.
Data Subject Rights
The Processor assists the Controller with Data Subject Access Requests, rectification, erasure, and portability, using documented processes. The Controller remains responsible for responding to requests and providing the Processor with instructions.
Incident Notification
The Processor notifies the Controller without undue delay after becoming aware of a personal data breach and provides relevant information to support regulatory reporting.
Termination & Deletion
Upon termination, personal data is returned or securely deleted according to documented procedures, unless retention is required by law.
Contact our Data Protection Officer at [email protected] for any DPA-related questions.