Data Processing Agreement (DPA)

When a business customer uses OWL to process personal data, NDEVR acts as a processor on that customer's behalf. This page is a transparency template of the GDPR Article 28 terms that govern that relationship — what we process, the security we apply, the sub-processors involved, and how international transfers are handled.

Part of NDEVR's compliance & conformity program · To request a signed DPA: privacy@ndevr.org.

Template, not a signed agreement. This page is published for transparency. The binding DPA is the document executed between NDEVR and a specific customer, and it is subject to legal review before signature. Nothing here is a representation that a DPA is in force unless you have signed one with us.

1. Roles & subject matter

For personal data that a customer puts into OWL, the customer is the controller and NDEVR is the processor (or, where the customer is itself a processor, NDEVR is a sub-processor). NDEVR processes that data only to provide the OWL service — encrypted file storage and sync, sharing, messaging, and the associated account, licensing and billing features.

  • Duration: for the term of the customer's use of OWL, plus the limited retention described in our privacy policy.
  • Nature & purpose: storage, transmission, sharing, and processing of customer content and the associated metadata strictly to deliver the service the customer has configured.
  • Types of data: account identifiers (e.g. usernames, email addresses), file and folder metadata (names, sizes, types, timestamps, sharing relationships), message metadata, billing/licensing metadata, and server logs (including IP addresses). The contents of files and messages are end-to-end encrypted (see below).
  • Categories of data subjects: the customer's authorized users and any individuals whose personal data the customer chooses to store in OWL.

Zero-knowledge changes what we can process. OWL is end-to-end encrypted: file and message contents are sealed on the user's device and we store only ciphertext we cannot decrypt. As processor, NDEVR therefore handles only ciphertext plus metadata for that content — we cannot read it, and neither can a server operator with database access. This materially limits the personal data exposed to us.

2. Processor obligations

Under this template, NDEVR commits to the Article 28(3) obligations:

Obligation | How OWL meets it
Process only on documented instructions | We process customer personal data only to provide the service as configured by the customer, and as required by applicable law (we will notify the customer of such a legal requirement unless prohibited).
Confidentiality | Personnel authorized to process customer data are bound by confidentiality.
Security (Art. 32) | End-to-end AES-256 content encryption, authenticated AES-256-GCM key wrapping, P-256 ECIES, bcrypt credentials, pinned-root TLS, rate limiting and lockout, audit logging, and HTTP security headers. See cryptography and security overview.
Sub-processors | We use a defined list of sub-processors under written terms, with the customer's authorization and advance notice of changes. See sub-processors.
Assist with data-subject requests | We help the customer respond to access, deletion, correction, and portability requests, taking the zero-knowledge architecture into account.
Assist with security, breach & DPIA duties | We assist with the controller's obligations under Articles 32–36, including breach notification.
Breach notification | We notify the customer without undue delay after becoming aware of a personal-data breach affecting their data.
Deletion or return on termination | On termination, at the customer's choice, we delete or return customer personal data, subject to the retention described in the privacy policy.
Audit & information | We make available the information needed to demonstrate compliance and contribute to audits, as agreed in the executed DPA.

3. Sub-processors

NDEVR engages the third-party providers listed on the sub-processor page — hosting (AWS Lightsail, US), payments (Stripe / PayPal, on their hosted pages), an optional AI provider, and user-initiated cloud import (Dropbox / OneDrive / Google Drive). Because OWL is end-to-end encrypted, sub-processors never receive readable file or message content. We give customers advance notice of new sub-processors so they can object.

4. International data transfers

OWL's servers are operated in the United States (see privacy policy §15). For personal data transferred from the EU/EEA, UK, or Switzerland, the intended transfer mechanism is the EU Standard Contractual Clauses (SCCs) (plus the UK Addendum / Swiss adaptations as applicable), supplemented by OWL's end-to-end encryption as a technical safeguard that keeps content unreadable in transit and at rest on our infrastructure.

Transfer mechanism in progress. We do not currently hold a signed set of SCCs on file or an active EU-US Data Privacy Framework self-certification. We are working toward executing SCCs as part of the binding DPA and are evaluating DPF self-certification. Until then, treat the transfer mechanism above as intended, established per-customer in the executed DPA — not as already in force.

5. How to request a signed DPA

If you need a signed Data Processing Agreement to evaluate or deploy OWL, contact privacy@ndevr.org. We will provide the current DPA for your counsel's review and execution.