Data Processing Addendum

Note: This document is a draft pending legal review. For questions, contact legal@viableenough.com.

Last updated: 17 April 2026

1. Scope

This Data Processing Addendum ("DPA") supplements the Terms of Service and applies when ViableEnough Ltd processes personal data on your behalf as a data processor.

2. Processing Details

We process personal data included in specialist run inputs only to provide the Service. Processing duration matches the run execution time plus the retention period of your plan.

3. Security Measures

We implement appropriate technical and organisational measures including: encryption in transit (TLS 1.3), encryption at rest, access controls, and regular security assessments.

4. Sub-processors

We use the following sub-processors: Anthropic (LLM processing), Stripe (payments), Google Cloud (hosting). We maintain an up-to-date list of sub-processors and notify customers of changes.

5. Data Subject Rights

We will assist you in fulfilling data subject access requests within 30 days. Contact legal@viableenough.com for assistance.

6. Data Breach Notification

We will notify you of any personal data breach without undue delay and in any event within 72 hours of becoming aware of the breach.