Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Tetracare Technologies Corporation ("Processor") and the customer organization ("Controller").

Scope And Application

This DPA applies to all personal data processed by TetraCare on behalf of the Controller through the platform. It establishes the data protection obligations of both parties in accordance with applicable privacy legislation, including but not limited to the Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA).

Roles And Responsibilities

Role | Description
Controller | The customer organization that determines the purposes and means of processing personal data
Processor | TetraCare, which processes personal data on behalf of and under the instructions of the Controller

TetraCare processes data only on documented instructions from the Controller, except where required by applicable law.

Processing Activities

Processing activities performed by TetraCare include:

  • Secure storage and retrieval of documents and organizational data
  • Access provision to authorized users based on Controller-defined permissions
  • AI-assisted analysis within defined platform boundaries
  • Audit logging and access recording for accountability purposes

Technical And Organizational Security Measures

TetraCare implements appropriate technical and organizational measures including:

  • Logical access controls with role-based permissions
  • Encryption of data at rest and in transit
  • Comprehensive audit trails with tamper-evident logging
  • Least-privilege enforcement for system access
  • Regular security assessments and penetration testing

Subprocessing

TetraCare may engage subprocessors solely to deliver core platform services. All subprocessors are bound by data protection obligations consistent with this DPA. A current list of subprocessors is maintained on the Subprocessors page and updated with reasonable notice prior to changes.

Data Subject Requests

TetraCare will assist Controllers in responding to lawful data subject requests (access, correction, deletion, etc.) to the extent technically feasible and as required by applicable law. Controllers remain responsible for receiving and fulfilling such requests.

Data Breach Notification

TetraCare will notify Controllers without undue delay (and in any event within 72 hours) upon becoming aware of a personal data breach affecting Controller data. Notification will include available information regarding the nature, scope, and recommended remediation of the breach.

International Data Transfers

Where personal data is transferred outside the jurisdiction of the Controller, TetraCare ensures appropriate safeguards are in place in accordance with applicable privacy legislation. Details of transfer mechanisms are available upon request.