Between the Customer (the entity that has registered for, or is accessing, the TrustLoop service, acting as Data Controller) and TrustLoop Ltd, a company registered in the United Kingdom (acting as Data Processor).
In this DPA, the following terms have the meanings set out below:
"Applicable Data Protection Law" means, as relevant to the processing: (a) the UK General Data Protection Regulation and the Data Protection Act 2018 ("UK GDPR"); (b) Regulation (EU) 2016/679 of the European Parliament and of the Council ("EU GDPR"); and (c) any other data protection, privacy, or equivalent legislation applicable to either party in connection with the Services.
"Controller" means the Customer, who determines the purposes and means of the processing of Personal Data under this DPA.
"Data Subject" means any identified or identifiable natural person to whom Personal Data relates.
"Personal Data" and "Personal Data Breach" have the meanings given to them in Applicable Data Protection Law.
"Processing" has the meaning given in Applicable Data Protection Law, and "Process" and "Processed" shall be construed accordingly.
"Processor" means TrustLoop Ltd, which Processes Personal Data on behalf of the Controller in connection with the Services.
"Services" means the AI agent governance, monitoring, and audit logging services provided by TrustLoop to the Customer.
"Sub-processor" means any third party engaged by TrustLoop Ltd to Process Personal Data in connection with the Services.
"Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for the transfer of personal data to third countries adopted by the European Commission under Article 46(2)(c) of the EU GDPR, as currently in force. "UK IDTA" means the International Data Transfer Agreement issued by the UK Information Commissioner's Office.
This DPA governs all Processing of Personal Data carried out by TrustLoop Ltd on behalf of the Controller in connection with the Services.
TrustLoop will Process Personal Data for the duration of the service agreement, or until earlier deletion of the relevant Personal Data in accordance with this DPA.
The nature and purpose of Processing is: the interception, evaluation, logging, masking, and retention of AI agent tool calls and, where the TrustLoop browser extension is deployed by the Controller, AI chat interface messages — carried out on behalf of the Controller for the purposes of AI governance, operational visibility, audit, and regulatory evidence.
Full details of the Processing, including the types of Personal Data and categories of Data Subjects, are set out in Schedule 1.
The Controller warrants that it has, and will maintain for the duration of this DPA, a valid lawful basis for Processing Personal Data under Applicable Data Protection Law, including for instructing TrustLoop to Process Personal Data as contemplated by this DPA.
Where required by Applicable Data Protection Law, the Controller is responsible for informing Data Subjects about the monitoring and governance activities carried out through the Services, including through its own privacy notices or internal policies.
The Controller is responsible for ensuring that the Personal Data provided to TrustLoop is accurate and that its instructions to TrustLoop are lawful. The Controller will not instruct TrustLoop to Process Personal Data in a manner that would cause TrustLoop or the Controller to breach Applicable Data Protection Law.
The Controller is responsible for configuring the Services — including governance rules, retention periods, agent scope, and browser extension deployment — in a manner consistent with its obligations under Applicable Data Protection Law.
Processing on instructions. TrustLoop will Process Personal Data only on documented instructions from the Controller, including those set out in this DPA and in the Controller's configuration of the Services, unless required to do so by applicable law. Where TrustLoop is required by law to Process Personal Data other than as instructed, TrustLoop will inform the Controller before doing so, unless the law prohibits such notification.
Confidentiality of processing staff. TrustLoop will ensure that all persons it authorises to Process Personal Data on its behalf are subject to appropriate binding obligations of confidentiality with respect to that Personal Data.
Security. TrustLoop will implement and maintain the technical and organisational security measures set out in Schedule 3.
Assistance with Data Subject rights. Taking into account the nature of the Processing, TrustLoop will provide reasonable assistance to the Controller in fulfilling its obligations to respond to requests from Data Subjects exercising rights under Applicable Data Protection Law.
Assistance with controller obligations. TrustLoop will assist the Controller with its obligations under Articles 32–36 of the EU GDPR and equivalent provisions of UK GDPR, including in respect of security, Personal Data Breach notification, data protection impact assessments, and prior consultation with supervisory authorities, taking into account the nature of the Processing and the information available to TrustLoop.
No sale or sharing of Personal Data. TrustLoop will not sell, rent, disclose, or otherwise make Personal Data available to any third party for that third party's own purposes. TrustLoop will not Process Personal Data for any purpose other than the provision of the Services, unless expressly instructed by the Controller.
The Controller grants TrustLoop general written authorisation to engage the Sub-processors listed in Schedule 2. TrustLoop will not engage a Sub-processor outside of Schedule 2 without prior notification to the Controller in accordance with clause 5.3.
TrustLoop will impose on each Sub-processor data protection obligations equivalent to those imposed on TrustLoop under this DPA, in particular in respect of appropriate technical and organisational security measures.
TrustLoop will notify the Controller of any intended addition or replacement of a Sub-processor at least 14 days in advance by publishing an updated Schedule 2 at trustloop.live/dpa.html and by direct notification where possible. The Controller may object to a proposed change on reasonable grounds by notifying TrustLoop in writing within 14 days of notification. If the parties cannot resolve a reasonable objection within a further 14 days, either party may terminate the affected part of the Services on written notice without penalty.
TrustLoop remains fully liable to the Controller for the acts and omissions of its Sub-processors to the same extent TrustLoop would itself be liable if performing the Processing directly.
TrustLoop will keep Personal Data strictly confidential and will not disclose it to any party except: (a) to Sub-processors engaged in accordance with Article 5; (b) as required by applicable law, regulation, or court order; or (c) as expressly instructed by the Controller.
Where TrustLoop receives a legally binding request from a public authority for disclosure of Personal Data, TrustLoop will, to the extent permitted by law, promptly notify the Controller before disclosing and will use reasonable endeavours to seek appropriate limitations on the scope of any required disclosure.
TrustLoop will notify the Controller without undue delay, and in any event within 72 hours of becoming aware of a confirmed Personal Data Breach affecting the Controller's Personal Data.
The notification will include, to the extent then known: (a) a description of the nature of the breach; (b) the categories and approximate number of Data Subjects and Personal Data records involved; (c) the likely consequences of the breach; (d) the measures taken or proposed to address the breach and to mitigate its potential adverse effects.
Where all information cannot be provided simultaneously, TrustLoop may provide it in phases without undue further delay. TrustLoop will cooperate fully with the Controller in investigating and remediating any breach and will provide all information reasonably required for the Controller to meet its obligations to notify supervisory authorities and affected Data Subjects.
TrustLoop processes data primarily within the United Kingdom and the European Union. Where Personal Data is transferred to or accessed from a country or territory outside the UK or European Economic Area that does not benefit from an adequacy decision, TrustLoop will ensure that an appropriate transfer safeguard is in place, including Standard Contractual Clauses (for transfers subject to EU GDPR) or the UK International Data Transfer Agreement (for transfers subject to UK GDPR).
Current international transfers are to Sub-processors based in the United States, as set out in Schedule 2. TrustLoop confirms that each such transfer is subject to an appropriate transfer mechanism as indicated in Schedule 2.
Where TrustLoop receives a request directly from a Data Subject relating to the exercise of their rights under Applicable Data Protection Law (including rights of access, correction, erasure, restriction, portability, or objection), TrustLoop will promptly forward the request to the Controller and will not respond on the Controller's behalf unless instructed to do so.
Taking into account the nature of the Processing, TrustLoop will provide such technical assistance as is reasonably requested by the Controller to enable the Controller to fulfil its obligations to respond to Data Subject requests within the time periods required by Applicable Data Protection Law.
Upon termination or expiry of the service agreement, TrustLoop will, at the Controller's election made in writing within 30 days of termination: (a) securely delete or destroy all Personal Data within 30 days of the election; or (b) provide the Controller with a complete export of Personal Data in machine-readable format (JSON or CSV) and then securely delete or destroy all copies. If the Controller makes no election within 30 days of termination, TrustLoop will securely delete all Personal Data.
During the term, automated deletion of audit log data runs on a schedule aligned to the Controller's plan-based retention period. Retention periods are: Free — 7 days; Starter — 30 days; Growth — 90 days; Business — 1 year; Enterprise — as agreed.
Blockchain anchors stored on the Polygon public blockchain contain only cryptographic hashes of log data. No Personal Data is transmitted to or stored on the Polygon network, and these hashes cannot be deleted. TrustLoop will provide the Controller with documentation confirming that no Personal Data is contained in any blockchain record.
TrustLoop may retain Personal Data beyond the periods above only where required to do so by applicable law or a binding order of a competent authority. In such cases, TrustLoop will notify the Controller (to the extent permitted by law) and will maintain the confidentiality of such data and limit Processing to what is strictly required by law.
TrustLoop will make available to the Controller all information reasonably necessary to demonstrate compliance with the obligations of this DPA, and will permit and contribute to audits and inspections carried out by the Controller or a third-party auditor appointed by the Controller for this purpose.
The Controller will provide not less than 14 days' prior written notice of any audit, except where an audit is triggered by a suspected or confirmed Personal Data Breach, in which case shorter notice is accepted. The Controller will ensure that any appointed third-party auditor is subject to binding obligations of confidentiality. Audits will be conducted during normal business hours and in a manner that does not unreasonably disrupt TrustLoop's operations. The parties will agree in good faith on the scope, timing, and cost of audits before they commence.
TrustLoop may satisfy its obligations under clause 11.1 by providing the Controller with a current SOC 2 Type 1 or Type 2 report, ISO 27001 certificate, or equivalent third-party certification covering the relevant aspects of the Services. The Controller may still request a direct audit where the certification does not address specific areas of concern.
Liability of the parties under or in connection with this DPA is subject to the limitation of liability provisions in the service agreement between the parties.
Nothing in this DPA limits or excludes any liability that cannot lawfully be limited or excluded under Applicable Data Protection Law, including any liability arising from the rights of Data Subjects.
Governing law and jurisdiction. This DPA is governed by the laws of England and Wales. Each party submits to the exclusive jurisdiction of the courts of England and Wales for all disputes arising under or in connection with this DPA, except where Applicable Data Protection Law requires a different governing law or jurisdiction in respect of a particular Data Subject.
Entire agreement. This DPA, together with the service agreement and any applicable Standard Contractual Clauses or UK IDTA, constitutes the entire agreement between the parties with respect to the Processing of Personal Data in connection with the Services and supersedes any prior representations or agreements relating to the same subject matter.
Amendments. TrustLoop may update this DPA from time to time. Where changes are material, TrustLoop will provide at least 30 days' notice by email or by posting the updated DPA at trustloop.live/dpa.html. Continued use of the Services after the effective date of any update constitutes acceptance of the revised DPA.
Severability. If any provision of this DPA is held invalid or unenforceable, the remaining provisions continue in full force. The parties will replace any invalid provision with a valid provision that most closely achieves the intent of the original.
Contact. Questions regarding this DPA should be directed to hello@trustloop.live.
Particulars of Processing
| Subject matter | AI agent governance, monitoring, and audit logging services |
| Duration | For the term of the service agreement, subject to retention periods per plan |
| Nature of processing | Collection, interception, masking, storage, evaluation, structuring, and deletion of AI tool call data and AI chat messages |
| Purpose | Enabling the Controller to monitor AI agent activity, enforce governance rules, maintain tamper-evident audit records, and satisfy regulatory requirements |
| Types of Personal Data |
|
| Categories of Data Subjects |
|
Current Sub-processors — Last updated 13 July 2026
| Sub-processor | Role | Location | Transfer mechanism |
|---|---|---|---|
| Supabase Inc | Database and data storage (PostgreSQL). Stores all audit log, governance rule, and account data. | United States (EU region selected for storage) | SCCs / UK IDTA |
| Railway Corp | Cloud infrastructure and compute. Hosts the TrustLoop API server and all processing logic. | United States | SCCs / UK IDTA |
| Resend Inc | Transactional email delivery. Used to send account welcome messages, API key recovery emails, and human-approval notification emails. | United States | SCCs / UK IDTA |
| Anthropic PBC | AI rule evaluation. Where the Controller has configured plain-English governance rules, masked (PII-redacted) tool call arguments are submitted to Anthropic's API to determine whether a governance rule applies. Raw Personal Data is masked before submission. | United States | SCCs / UK IDTA |
| Stripe Inc | Payment processing. Handles billing, subscription management, and payment card data. Stripe does not receive or process tool call data or audit log content. | United States | SCCs / UK IDTA |
Note on blockchain anchoring: The Polygon public blockchain receives only a keccak256 cryptographic hash of each hour's audit log batch. No Personal Data, tool call content, or identifiable information is transmitted to or stored on the Polygon network. Polygon does not constitute a Sub-processor for the purposes of this DPA.
Measures in place as of 13 July 2026
All data transmitted between the Controller's agents, the browser extension, and the TrustLoop API is encrypted in transit using TLS 1.2 or higher. Connections that do not support TLS 1.2 are rejected.
All data stored in Supabase is encrypted at rest using AES-256 managed by Supabase. Backup storage is also encrypted.
Before any tool call argument or chat message is written to persistent storage, TrustLoop applies automated detection and masking to the following Personal Data categories: email addresses, telephone numbers, payment card numbers, UK National Insurance numbers, US Social Security Numbers, IBANs, and API keys and bearer tokens. Only the masked value is stored; the original value is never persisted.
TrustLoop API keys are stored as irreversible hashed values using a secure hashing algorithm. Plaintext keys are shown to the account holder only at the time of issuance and are not accessible thereafter, including to TrustLoop staff.
Each Controller's data is stored under a unique tenant identifier. Access controls are enforced at the application layer, ensuring that one Controller's data is never visible to another. Administrative access to production systems is restricted to personnel with an operational need, is subject to access review, and is logged.
A keccak256 cryptographic hash of each hour's batch of audit records is anchored to the Polygon public blockchain. This provides independently verifiable, tamper-evident proof of the state of the audit log at each anchoring interval, without exposing any Personal Data to the public network.
The TrustLoop API is monitored continuously by Better Stack with a three-minute detection interval. Alerts are raised immediately on service disruption. Incident history and current status are available at status.trustloop.live.
TrustLoop maintains a documented incident response procedure covering detection, containment, assessment, notification, and post-incident review. In the event of a confirmed Personal Data Breach, TrustLoop will notify the Controller without undue delay in accordance with Article 7 of this DPA.
Software dependencies are reviewed for known vulnerabilities on an ongoing basis and patched promptly where a material risk is identified. Security-relevant changes to the codebase are reviewed before deployment.
Technical and organisational security measures are reviewed at least annually and following any significant change to the Services, any security incident, or any change in applicable legal requirements.
TrustLoop Ltd · United Kingdom · hello@trustloop.live · trustloop.live
Version 1.0 — 13 July 2026. This document supersedes all prior versions.