Security · DPA

Data Processing Addendum

Draft, pending counsel. This page is being finalized with our legal team and is not yet the binding version. For questions about data handling in the meantime, reach us via the contact page.

This Data Processing Addendum sets out the controller-to-processor terms for customer personal data processed by Nodes. Because Nodes deploys inside the customer's own VPC with zero data egress and no external subprocessors, the processing boundary stays inside the customer tenant.

Sections in preparation

Roles: customer as controller, Nodes as processor.
Scope and nature of processing (inside the customer VPC, zero egress).
Subprocessors: none external (see the Subprocessor List).
Security measures and SOC 2 Type I and II controls.
Data subject requests, breach notification, and audit rights.
Term, deletion, and return of data.