Data Processing Agreement
echology, Inc. | Template
Scope of Processing
echology processes Client Data solely for providing the contracted Services: document ingestion, deterministic classification, embedding and retrieval, verification, and output generation.
Data types: Client Documents (specifications, contracts, drawings, CAD files, PDFs, reports), Extracted Metadata, Classification Results, and Personal Data incidentally contained within documents.
Processing Location
No Cloud Transmission. No Client Data is transmitted to cloud services, third-party APIs, or any server outside the Processing Environment at any stage.
Processing Environment. Either on-premises (deployed on client hardware, within client network) or processor infrastructure (echology's local computing environment without cloud dependencies).
Inference Engine. All ML inference performed locally. No data sent to OpenAI, Anthropic, Google, or any external AI service.
Security Measures
- Access Control: Role-based, authentication required for all system access
- Encryption at Rest: Requires operating system full-disk encryption (e.g., FileVault, BitLocker, LUKS), verified before deployment
- Encryption in Transit: TLS 1.2+
- Network Security: Processing Environment isolated from public internet
- Logging and Audit Trail: All access logged with timestamps and action descriptions
- Data Minimization: Only necessary data processed; intermediate artifacts purged
- Vulnerability Management: Current security patches maintained
Subprocessors
echology engages no subprocessors. The following components run locally and do not transmit data externally:
| Component | Function | Deployment |
|---|---|---|
| Ollama | Local ML inference | Local |
| decompose | Deterministic classification | Local |
Data Breach Notification
echology notifies clients within 72 hours of becoming aware of a Data Breach, including: nature of breach, categories and volume of records affected, likely consequences, and measures taken.
Data Deletion and Return
Upon termination or written request, echology returns and/or deletes all Client Data within 30 calendar days, including copies, backups, and processing artifacts. Written confirmation of deletion provided upon completion.
Governing Law
State of Delaware, without regard to conflict of laws principles.
To request a signed DPA for your engagement, contact hello@echology.io.