Last Updated: January 23, 2025

1. Roles

Customer = Data Controller
QuROI, Inc. = Data Processor
Subprocessors = Infrastructure and AI service vendors

2. Processing Instructions

QuROI processes Customer Data only to:

Provide the Services
Maintain security and prevent abuse
Fulfill legal obligations

3. Security Measures

Encryption at rest and in transit
Access controls and MFA
Logging and monitoring
Incident response procedures

See Security Addendum for details.

4. Subprocessors

QuROI may engage subprocessors with written contracts and confidentiality obligations. See Subprocessor Notice.

5. Data Transfers

Data is hosted exclusively in the United States. Standard Contractual Clauses (SCCs), UK Addendum, and LGPD safeguards are available where required.

6. Data Subject Rights

QuROI will assist Customer in responding to data subject requests (access, deletion, correction, etc.) where legally required.

7. Incident Notification

QuROI will notify Customer without undue delay of any confirmed data breach affecting Customer Data.