Effective date: March 6, 2026
Parties and roles
| Party | Role |
|---|
| Signed-I/O | Data Processor |
| Customer | Data Controller (or Processor where Customer processes its own end-users' data) |
Scope
This Addendum applies to all processing of personal data by Signed-I/O on your behalf within the platform, including Customer Environment data, associated logs, and metadata.
Processor obligations
- Instructions. Signed-I/O processes personal data only on your documented instructions.
- Confidentiality. All personnel with access to personal data are bound by confidentiality obligations.
- Security. Customer data is encrypted at rest and in transit using customer-owned keys. Full controls are described in the .
- Sub-processors. Sub-processors are listed in the . Consent is given upon Order execution. Customers may object to new sub-processors within 15 days of notification.
- Data subject rights. Signed-I/O will assist you in fulfilling access, correction, deletion, portability, and restriction requests upon written request.
- Breach notification. Signed-I/O will notify you within 72 hours of confirmed discovery of a personal data breach, including nature, affected categories, likely consequences, and remediation steps.
- Deletion and return. Upon request or termination, Signed-I/O deletes or returns all personal data per the Data Retention and Deletion Policy.
- Audit cooperation. Signed-I/O will support compliance audits with at least 30 days written notice.
Customer obligations
- Ensure a lawful basis under applicable law for all personal data processed.
- Provide required privacy notices to your data subjects.
- Specify retention and deletion requirements within your environment.
Data transfers
Signed-I/O may process personal data in the United States and in regions served by the cloud providers listed in the . Customer data remains encrypted with customer-owned keys throughout any migration between providers.
Governing law
This Addendum is governed by the law specified in the Terms of Service or applicable Order.
Questions?