Skip to main content

Data Processing Agreement

Effective Date: January 1, 2025
Last Updated: February 1, 2026
Version: 1.1

This page publishes the standard Fololo Iris Data Processing Agreement used for customer subscriptions that require GDPR Article 28 processor terms. Executed customer copies include the customer legal entity name and effective date.

Scope

The DPA applies when Fololo Iris processes personal data on behalf of a customer in connection with wallet proof-of-control verification, evidence generation, auditor access, and webhook delivery.

Roles

  • Customer: controller for wallet-owner and authorized-user personal data submitted through the service.
  • Fololo Iris: processor for customer verification data and evidence workflows.
  • Fololo Iris: independent controller for limited account-management, billing, fraud-prevention, and security-log processing described in the Privacy Policy.

Core commitments

  • Process customer personal data only on documented customer instructions.
  • Apply technical and organizational security measures appropriate to the service risk profile.
  • Support data-subject rights handling and customer audit requests under the contract terms.
  • Flow equivalent processor obligations to approved sub-processors.
  • Notify customers of personal-data breaches without undue delay.

Security baseline

  • Encryption in transit and at rest for supported production systems.
  • Role-based access controls and tenant isolation controls.
  • Audit logging, retention controls, and incident-response procedures.
  • Sub-processor due diligence and contract controls.

Cross-border transfers

Where restricted transfers apply, Fololo Iris uses the contractual transfer mechanisms documented in the customer agreement package and applicable sub-processor terms.

Audit and review

Customers may request diligence materials, security questionnaires, and contract review support through privacy@fololo.io.

Contact

  • Privacy and data protection: privacy@fololo.io
  • Security: security@fololo.io
  • Support: support@fololo.io

For the public transparency notice that governs Fololo Iris controller-side processing, see Privacy Policy.