This is a summary. The full DPA is at /assets/dpa-feedoracle.html. Enterprise customers receive a countersigned copy on request.
Processing Scope
| Aspect | Details |
|---|---|
| Controller | The customer (API consumer) |
| Processor | FeedOracle (data infrastructure provider) |
| Purpose | Provision of RWA risk intelligence, regulatory evidence signals, and cryptographic attestation via API |
| Personal data | Minimal: email (account), API keys, access logs (IP + timestamp + endpoint) |
| Special categories (Art. 9) | None |
| Data subjects | Customer employees/agents who access the API |
Key DPA Provisions
| Provision | Summary |
|---|---|
| Legal basis | Art. 28 GDPR (processor agreement) |
| Sub-processors | netcup GmbH (hosting, DE), Cloudflare Inc. (CDN, EU primary). 30-day objection window for changes. |
| International transfers | Primary processing in Germany. Cloudflare edge may transit non-EU (covered by SCCs). On-chain hashes contain no PII. |
| Technical measures | TLS 1.2+, ECDSA signing, encrypted backups, SSH key-only, fail2ban, restrictive firewall. |
| Data subject rights | FeedOracle assists customer in responding to DSARs. Contact: privacy@feedoracle.io |
| Breach notification | ≤ 72 hours to customer per GDPR Art. 33 |
| Data deletion | API credentials deleted within 30 days of termination. Logs per 90-day rolling policy. |
| Audit rights | Documentation-based audit support. On-site audits negotiable for Enterprise tier. |
What FeedOracle Does NOT Process
- No customer financial data, portfolio positions, or trade information
- No end-user PII (B2B infrastructure only)
- No government-issued identity documents
- No payment card data
- No behavioral tracking or profiling
Applicable Law
| Aspect | Details |
|---|---|
| Governing law | German law |
| Data protection | GDPR (Regulation (EU) 2016/679) |
| Supervisory authority | LDI NRW (North Rhine-Westphalia) |
| Jurisdiction | Courts of Germany |
How to Execute
Enterprise customers can request a countersigned DPA by emailing enterprise@feedoracle.io. Included in Enterprise tier onboarding at no additional cost.