Data Processing Agreement

1. Parties and Scope

This Data Processing Agreement ("DPA") forms part of the Terms between Vantix Wealth Labs and the customer using VantageGrid for business purposes. The customer is the controller, and VantageGrid acts as processor where it processes personal data on the customer's behalf. Where VantageGrid determines its own purposes and means of processing, including account administration, billing, security, fraud prevention, and legal compliance, VantageGrid acts as an independent controller as described in the Privacy Policy.

2. Processing Instructions

1. VantageGrid processes personal data only to provide, secure, maintain, support, and improve the Service as documented in the Terms, Privacy Policy, and customer configuration.
2. If VantageGrid believes an instruction violates data protection law, it will notify the customer where legally permitted.
3. The customer's use of product settings, imports, integrations, API calls, support requests, and account instructions are documented processing instructions.

3. Subject Matter, Duration, and Purpose

1. The subject matter is the provision of VantageGrid's trading journal, analytics, import, integration, AI coaching, reporting, and API services.
2. The duration is the term of the customer's account or subscription plus any legally required retention, backup, dispute, or wind-down period.
3. The purpose is to provide the Service, process customer-configured data, maintain security, support users, and meet documented customer instructions.

4. Data Categories and Data Subjects

• Account data, identity data, email addresses, authentication metadata, and support communications.
• Trading journal data, notes, tags, screenshots, import files, performance metrics, and integration metadata.
• Security telemetry, IP addresses, device data, audit logs, and billing references.
• Data subjects may include customer users, employees, contractors, traders, account holders, support contacts, and other persons whose data the customer submits to the Service.

5. Security Measures

VantageGrid uses technical and organizational measures including TLS, access controls, password hashing, encryption for sensitive secrets where stored, logging, rate limiting, backups, least-privilege operational access, and reasonable separation of customer data. Security measures may evolve over time, provided the overall level of protection is not materially reduced.

6. Confidentiality

Personnel and contractors authorized to process customer personal data must be subject to confidentiality obligations or professional obligations of confidentiality and may access customer personal data only as needed for authorized purposes.

7. Subprocessors

1. VantageGrid may use subprocessors for hosting, database infrastructure, email delivery, payments, AI processing, logging, security, analytics, customer support, and integration operations.
2. Subprocessors must be bound by written terms that provide data protection obligations appropriate to their role.
3. Customers may request current subprocessor information through privacy@vantagegrid.pro. Where required by law, we will provide notice of material subprocessor changes and allow legally required objections.

8. International Transfers

Where processing involves transfers outside the EEA, VantageGrid will rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or equivalent lawful transfer mechanisms.

9. Assistance and Data Subject Requests

VantageGrid will provide reasonable assistance for data subject requests, security obligations, DPIAs, prior consultations, and regulator inquiries, taking into account the nature of processing and information available to VantageGrid. The customer is responsible for responding to data subject requests where it acts as controller.

10. Breach Notice

VantageGrid will notify affected business customers without undue delay after becoming aware of a personal data breach involving customer personal data processed by VantageGrid as processor. The notice will include available information reasonably needed for the customer to meet breach-notification obligations, where known and legally permitted.

11. Audit and Compliance Information

VantageGrid will make available information reasonably necessary to demonstrate compliance with this DPA. Audits must be limited to what is legally required, conducted with reasonable notice, avoid disruption, protect confidential information and other customers' data, and may be satisfied through security documentation, written responses, or third-party reports where appropriate.

12. Deletion and Return

Upon account termination or written request, VantageGrid will delete or return customer personal data where technically feasible, unless retention is required by law, accounting duties, security, fraud prevention, backup cycles, or dispute handling.

13. Customer Responsibilities

1. The customer is responsible for having a lawful basis for personal data it submits to VantageGrid.
2. The customer is responsible for providing required notices to its users, traders, employees, contractors, or other data subjects.
3. The customer must configure integrations, access rights, API keys, and exports securely and may not submit data that it is not allowed to process through the Service.

14. Contact

To request a signed DPA or ask processor questions, contact privacy@vantagegrid.pro or support@vantagegrid.pro.