The customer acts as controller for personal data submitted to TrustLayer. ContractBot acts as processor where it processes personal data on the customer's documented instructions to deliver the service.
Processing may include intake, analysis, report generation, payment coordination, email delivery, verification link creation, support, security logging, and service monitoring.
ContractBot will process personal data in accordance with applicable GDPR processor obligations, including confidentiality, appropriate security measures, sub-processor management, and assistance with reasonable data subject requests.
Security measures include access control, secret management, HTTPS transport, infrastructure-level protections, operational logging, least-privilege service design, and separation of production secrets.
Sub-processors may include Cloudflare for hosting and storage, Stripe for payments, Resend for email delivery, and PDF rendering providers for report generation.