Data Processing Agreement
Last updated: 2026-05-28
This document is a working template and not yet finalized by counsel. It is provided for transparency about our intended terms. The binding agreement for your account is the one executed during onboarding. Questions: legal@waveform.vision.
1. Roles
For Customer Data containing personal data, you act as the controller and WaveForm acts as the processor, processing such data solely on your documented instructions to provide the Services.
2. Processing scope
Subject matter: provision of the WaveForm platform. Duration: the term of your agreement. Nature: capture ingest, reconstruction, storage, and delivery. Data subjects + categories: as determined by the Customer Data you upload.
3. Subprocessors
You authorize the subprocessors listed at /legal/subprocessors. We give notice of changes and remain responsible for their performance.
4. Security measures
Encryption in transit + at rest, per-customer access control, append-only audit logging, and signed-artifact integrity. See /security.
5. Data subject requests + breach notice
We assist you in responding to data-subject requests and notify you without undue delay upon becoming aware of a personal-data breach affecting your data.
6. Deletion + return
On termination we make Customer Data available for export, then delete it subject to legal retention obligations.
7. Execution
To execute a countersigned DPA for your account, contact legal@waveform.vision.