Data Processing Addendum

Status

This page is a placeholder. The signed, legally executed DPA is available on request to any paying customer. Email legal@oneapi.finance with your company name and we will send the PDF for counter-signature within one business day.

What it covers

The DPA establishes oneapi.finance as a data processor for any personal data you submit through the API or that we collect on your behalf (typically: end-user API key identifiers if you proxy our service, or audit metadata if you use our webhook callbacks). It incorporates the EU Standard Contractual Clauses (SCCs) for any non-EU subprocessor transfers and aligns with GDPR Articles 28 and 32.

Subprocessors

Our subprocessor list is published in our Privacy Policy and is updated when we add or remove a vendor. We provide 30 days notice before adding a new subprocessor that processes customer personal data.

Audit rights

Customers on Business and Custom plans have the right to request a SOC 2-style attestation report annually. We do not currently hold a SOC 2 Type II certification but we publish a security white paper that covers our controls and we will counter-sign vendor security questionnaires within 10 business days.

Contact

For DPA execution, vendor questionnaires, or any data-protection correspondence: legal@oneapi.finance.