Decision Intelligence OS for Enterprise Approval-Gated ExecutionCMMC L2 & NIST 800-171 aligned · FAR 44 · DCAA-ready
Data Processing Addendum
DPA.
Our Data Processing Addendum is available on request, signed under DocuSign / HelloSign, and supplements the Master Subscription Agreement on Professional, Enterprise, and Strategic tiers.
What the Nervos DPA covers
Roles — Nervos as data processor, customer as data controller, sub-processor relationships listed at /sub-processors.
EU/UK GDPR — SCCs (Module Two) and UK Addendum incorporated by reference for any cross-border transfer.
CCPA / CPRA — service-provider terms with prohibition on selling or sharing customer data.
Security — binding reference to the SOC 2 control set + AES-256-GCM + immutable audit log obligations described at /security.
Breach notification — written notice within 72 hours of confirmed material incident affecting customer data.
Data subject rights — assistance with access, rectification, erasure, and portability requests at no additional charge.
Return / deletion — export available within 30 days of termination; complete deletion within 60 days unless extended by retention obligation.