This Data Processing Agreement (the "DPA") forms part of the Order Form, Master Services Agreement, or other written or electronic agreement (the "Principal Agreement") between [CUSTOMER LEGAL NAME] (the "Customer") and [YOUR LLC LEGAL NAME], a Virginia limited liability company (the "Processor" or "ResponderOS") for the provision of the ResponderOS service (the "Service").
This DPA reflects the parties' agreement with respect to the processing of Personal Data by the Processor on behalf of the Customer in connection with the Service. It is effective as of the date last signed below (the "Effective Date") and supersedes any prior data processing terms between the parties.
01Definitions
Terms used in this DPA have the meanings set forth below. Capitalized terms not defined here have the meaning given in the Principal Agreement.
| "Applicable Data Protection Law" | All laws and regulations applicable to a party's processing of Personal Data under this DPA, including the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), the Utah Consumer Privacy Act ("UCPA"), and any other federal or state privacy laws applicable to the Customer. |
| "Personal Data" | Any information relating to an identified or identifiable natural person processed by the Processor on behalf of the Customer under the Principal Agreement. The scope and categories of Personal Data processed under this DPA are described in Annex A. |
| "Processing" | Any operation performed on Personal Data, including collection, recording, storage, retrieval, use, disclosure, transmission, erasure, or destruction. |
| "Data Subject" | The identified or identifiable natural person to whom Personal Data relates. Under this DPA, Data Subjects are typically the Customer's personnel (e.g., supervisors, line officers, administrators, and the individuals about whom they document records). |
| "Sub-Processor" | Any third party engaged by the Processor to process Personal Data on the Processor's behalf in connection with the Service. |
| "Security Incident" | Any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to Personal Data processed under this DPA. |
| "Controller" / "Processor" | Have the meanings ascribed to them under Applicable Data Protection Law. The Customer is the Controller, and ResponderOS is the Processor, of Personal Data processed under this DPA. |
02Roles & Scope
2.1 Roles of the parties
The Customer is the Controller of Personal Data and determines the purposes and means of its processing. ResponderOS is the Processor and processes Personal Data only on the documented instructions of the Customer as set forth in the Principal Agreement, this DPA, and the Customer's use of the Service.
2.2 Customer responsibilities
The Customer is solely responsible for:
- Ensuring that it has a lawful basis for the collection and processing of Personal Data under Applicable Data Protection Law;
- Providing all required notices to Data Subjects and obtaining all required consents;
- Configuring the Service's access controls, roles, and retention settings consistent with the Customer's legal obligations and internal policies;
- Determining what categories of Personal Data may be entered into the Service by the Customer's authorized users.
2.3 ResponderOS responsibilities
ResponderOS will:
- Process Personal Data only on the documented instructions of the Customer, as expressed through the Principal Agreement and the Customer's configuration of the Service;
- Not sell, rent, or share Personal Data as those terms are defined under Applicable Data Protection Law;
- Not use Personal Data for advertising, marketing, profiling, or any purpose outside of providing and improving the Service as described in this DPA and the ResponderOS Privacy Practices;
- Not combine Personal Data received under this DPA with personal information received from any other source for any purpose other than providing the Service to the Customer.
03Details of Processing
The subject matter, duration, nature, purpose, categories of Data Subjects, and categories of Personal Data processed under this DPA are set forth in Annex A (Description of Processing).
04Permitted Use of Personal Data
4.1 Service provision
ResponderOS may process Personal Data only to:
- Provide, maintain, and support the Service in accordance with the Principal Agreement;
- Comply with the Customer's documented instructions;
- Comply with applicable law, subject to Section 4.3 below.
4.2 Service improvement — limited and aggregate only
ResponderOS may process aggregate, de-identified technical and operational data about how the Service is used — such as which screens are frequently accessed, which workflows have high error or abandonment rates, and aggregate performance metrics — solely to maintain, troubleshoot, and improve the Service. ResponderOS will not read, review, analyze, or otherwise process the substantive content of records the Customer creates within the Service (including but not limited to counseling logs, evaluations, station notes, scene documentation, or personnel observations) for any purpose, including service improvement, except as strictly necessary to deliver the Service or respond to a Customer support request initiated by the Customer.
4.3 Legally required disclosures
If ResponderOS is required by applicable law, regulation, or valid legal process to disclose Personal Data, it will (to the extent legally permitted) notify the Customer in writing in advance and provide reasonable cooperation in any lawful effort by the Customer to challenge or limit the disclosure.
05Security Measures
5.1 Technical and organizational measures
ResponderOS will implement and maintain appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Current measures include those set forth in Annex B (Security Measures). ResponderOS may update these measures from time to time, provided that the level of protection is not materially diminished.
5.2 Personnel
ResponderOS ensures that any person it authorizes to process Personal Data is subject to a duty of confidentiality (whether contractual or statutory) and is trained on data protection requirements consistent with their role.
5.3 Encryption
Personal Data is encrypted in transit using TLS 1.2 or higher and at rest using industry-standard encryption (AES-256 or equivalent) provided by the Sub-Processors identified in Section 7 and Annex C.
06Security Incident Notification
Upon becoming aware of a Security Incident, ResponderOS will:
- Notify the Customer in writing without undue delay and in any event within seventy-two (72) hours of becoming aware of the Security Incident;
- Provide reasonably available information about the nature of the Security Incident, the categories and approximate number of Data Subjects and records affected, the likely consequences, and the measures taken or proposed to address and mitigate the Security Incident;
- Reasonably cooperate with the Customer's investigation, mitigation, and (where applicable) notification obligations under Applicable Data Protection Law.
Notice of a Security Incident is not, by itself, an acknowledgment by ResponderOS of any fault or liability with respect to the incident.
07Sub-Processors
7.1 General authorization
The Customer provides general authorization for ResponderOS to engage Sub-Processors to process Personal Data, subject to the requirements of this Section 7. The Sub-Processors authorized as of the Effective Date are listed in Annex C.
7.2 Sub-Processor obligations
ResponderOS will:
- Enter into a written agreement with each Sub-Processor imposing data protection obligations no less protective than those in this DPA;
- Remain fully liable to the Customer for the acts and omissions of its Sub-Processors with respect to Personal Data.
7.3 Changes to Sub-Processors
ResponderOS will notify the Customer at least thirty (30) days before adding or replacing a Sub-Processor. The Customer may object to the change in writing within fifteen (15) days of notice on reasonable data protection grounds. If the parties cannot resolve the objection in good faith within a further fifteen (15) days, the Customer may terminate the Principal Agreement with respect to the affected portion of the Service, without penalty, on thirty (30) days' written notice.
08Data Subject Rights & Customer Assistance
8.1 Data Subject requests
If ResponderOS receives a request from a Data Subject to exercise rights under Applicable Data Protection Law (e.g., access, correction, deletion, portability), ResponderOS will, where lawful and practicable, forward the request to the Customer without undue delay and will not respond to the Data Subject directly other than to confirm receipt and direct them to the Customer.
8.2 Cooperation
Taking into account the nature of the processing, ResponderOS will reasonably assist the Customer, by appropriate technical and organizational measures, in fulfilling the Customer's obligations to respond to Data Subject requests, conduct data protection assessments where required, and consult with regulators where required.
09Audits & Compliance Verification
ResponderOS will make available to the Customer all information reasonably necessary to demonstrate compliance with this DPA. Upon the Customer's reasonable written request, and no more than once per calendar year (except in the event of a Security Incident or regulatory inquiry), ResponderOS will respond in good faith to reasonable questions concerning its data protection and security practices. The Customer agrees that responses to a current security questionnaire (such as a Vendor Security Alliance or CAIQ questionnaire) and the documentation referenced in Annex B will satisfy this obligation in most cases.
10Data Location
Personal Data processed under this DPA is stored and processed in the United States. ResponderOS will not transfer Personal Data outside the United States without prior written notice to the Customer and, where required, the implementation of an appropriate cross-border transfer mechanism.
11Return & Deletion
Upon termination or expiration of the Principal Agreement, or earlier upon the Customer's written request, ResponderOS will, at the Customer's election:
- Make Personal Data available to the Customer for export in a machine-readable format (JSON or CSV) for a period of thirty (30) days; or
- Delete or return all Personal Data in its possession.
After expiration of any applicable export period or upon Customer's instruction to delete, ResponderOS will delete Personal Data from active systems within thirty (30) days. Personal Data may persist in encrypted backups for up to ninety (90) days thereafter as part of standard disaster recovery, after which it will be permanently overwritten. ResponderOS may retain Personal Data only to the extent and for the duration required by applicable law, and only for that purpose.
12Liability
Each party's liability under this DPA is subject to the limitations and exclusions of liability set forth in the Principal Agreement. Nothing in this DPA limits or excludes either party's liability to a Data Subject to the extent such liability cannot be excluded under Applicable Data Protection Law.
13General
13.1 Order of precedence
In the event of a conflict between this DPA and the Principal Agreement with respect to the processing of Personal Data, this DPA controls.
13.2 Amendments
ResponderOS may update this DPA from time to time to reflect changes in Applicable Data Protection Law, Sub-Processors, or security practices, provided that no such update materially diminishes the protections provided to the Customer. Material changes will be communicated to the Customer at least thirty (30) days before taking effect.
13.3 Governing law
This DPA is governed by the laws of the Commonwealth of Virginia, without regard to its conflict of laws principles, and is subject to the exclusive jurisdiction of the state and federal courts located in Virginia Beach, Virginia, except where Applicable Data Protection Law requires otherwise.
13.4 Entire agreement
This DPA, together with the Principal Agreement and the Annexes referenced herein, constitutes the entire agreement between the parties with respect to the processing of Personal Data and supersedes all prior or contemporaneous agreements on the same subject.
Signature page. The downloadable .docx version includes a full execution signature block for both parties. This web version is for reading and reference only; signing happens on the document.
Annex A
Description of Processing
| Subject matter | Provision of the ResponderOS Service, an iOS-native field operations suite for front-line public safety personnel. |
| Duration | The duration of the Principal Agreement, plus any retention period set forth in Section 11. |
| Nature & purpose | Authentication of Customer personnel; storage and synchronization of operational records created by Customer personnel; delivery of in-app and push notifications; aggregate, de-identified service improvement as described in Section 4.2. |
| Categories of Data Subjects | Customer personnel who are authorized users of the Service (e.g., supervisors, line officers, administrators); individuals about whom Customer personnel create records within the Service (e.g., subordinate personnel referenced in counseling logs or evaluations). |
| Categories of Personal Data | Account data (email, name, role, rank, shift, station, organization affiliation); authentication data (hashed passwords, sign-in events); content data (records created by Customer personnel, which may include narrative descriptions of personnel performance, counseling, training, station and scene activities, wellness touchpoints, and operational events); device data (push notification tokens); diagnostic data (anonymized crash and performance information). |
| Special categories | The Service is not designed to collect special categories of data. To the extent Customer personnel choose to enter information that may constitute a special category (e.g., references to health or behavioral matters in wellness records), such data will be processed under the same protections as all other Personal Data. |
| Frequency | Continuous, for the duration of the Principal Agreement. |
Annex B
Security Measures
ResponderOS implements the following technical and organizational measures as of the Effective Date. These measures may evolve, provided the level of protection is not materially diminished.
Encryption
- TLS 1.2 or higher for all network communication between client devices and Service infrastructure.
- AES-256 encryption at rest for all stored Personal Data (provided via Google Cloud Firestore default encryption).
- Hashed password storage via Firebase Authentication; ResponderOS personnel have no access to plaintext passwords.
Access controls
- Admin-invited access model — no public self-signup. New users join only through an invitation issued by an authorized administrator at the Customer's organization.
- Role-based access controls within the Service, configured by Customer administrators.
- Principle of least privilege applied to ResponderOS personnel access to production systems.
- Multi-factor authentication required for ResponderOS personnel accessing production infrastructure.
Audit & monitoring
- Audit logging of administrative actions within Customer organizations.
- Logging of authentication events and access to production infrastructure.
- Continuous monitoring of infrastructure provided by Sub-Processor (Google Cloud Operations Suite).
Data segregation
- Logical separation of Customer data via tenant-scoped Firestore security rules.
- No commingling of Customer Personal Data with that of other customers in shared records.
Personnel
- Personnel with access to Personal Data are subject to written confidentiality obligations.
- Personnel are trained on data protection responsibilities relevant to their role.
- Access rights are reviewed and revoked promptly upon role change or separation.
Resilience
- Encrypted, geographically-redundant backups of production data within U.S. regions.
- Documented disaster recovery procedures with periodic exercise.
- Service-level monitoring and incident response procedures.
Secure development
- Source code review and version control for all changes to the Service.
- Dependency scanning for known vulnerabilities.
- Coordinated vulnerability disclosure: security@responderos.com.
Annex C
Authorized Sub-Processors
The following Sub-Processors are authorized to process Personal Data on behalf of ResponderOS as of the Effective Date. ResponderOS will notify the Customer of any addition or replacement of a Sub-Processor in accordance with Section 7.3.
| Sub-Processor |
Service |
Processing Activity |
Location |
| Google LLC | Firebase Authentication | User authentication; password hashing | United States |
| Google LLC | Cloud Firestore | Storage and synchronization of Customer records | United States |
| Google LLC | Firebase Cloud Messaging | Delivery of push notifications | United States |
| Apple Inc. | Apple Push Notification service | Final delivery of push notifications to iOS devices | United States |
Google's processing of Personal Data is governed by the Firebase Data Processing and Security Terms. Apple's processing is governed by the Apple Developer Program License Agreement and Apple's applicable privacy terms.
