VANQUOR

Data processing

Every Vanquor engagement includes a Data Processing Addendum (DPA). This page summarises the commitments the DPA makes concrete; the execution copy is provided during contracting and on request from [email protected].

Roles

For personal data processed inside a client’s deployment, the client is the controller and Vanquor (through its operating entity) acts as processor, acting only on documented instructions.

Core commitments

  • Confidentiality. Personnel access is least-privilege, logged, and bound by confidentiality obligations.
  • Security measures. Single-tenant environments, encryption in transit and at rest, client-held keys (BYOK) on AWS deployments, hardened baselines, audit logging — as described on Security, Deployment & Data.
  • Sub-processors. A maintained list per engagement (e.g. the hosting provider for the chosen deployment path; AI providers only where the client enables the external LLM layer), with prior notice of changes and the right to object.
  • AI layer. Where enabled, external models are consumed under enterprise API terms — no training on client data, zero or strictly limited retention — and can be disabled per client.
  • Data residency. Regions pinned per client (US data in US regions); transfers safeguarded by Standard Contractual Clauses or equivalent mechanisms.
  • Assistance. Support with data-subject requests, security incidents (notification without undue delay) and data-protection impact assessments.
  • Return & deletion. On termination, return of client data in documented formats and deletion on instruction — portability is a standing capability, not an exit negotiation.
  • Audit. Audit and information rights proportionate to the engagement, including control documentation and evidence during due diligence.

Website enquiries

Personal data submitted through this website is processed as described in the privacy policy.

Summary page — the executed DPA governs. Request the current execution copy at [email protected].