This summary describes the data-processing terms under which smert.ai Limited (Hong Kong) ("Processor") handles personal data on behalf of the customer ("Controller") when delivering the Service. A countersigned full DPA is available on request to support@smertai.com.
1. Subject-matter & duration
Processing of personal data submitted by the Controller for the purpose of providing the Service, for the term of the subscription plus the retention period set out in the Authorization to Test.
2. Nature & purpose
Hosting, reconnaissance, vulnerability identification, proof-of-concept generation, reporting, support, and account administration.
3. Categories of data subjects
Controller's personnel and contractors; end-users represented in test data the Controller submits.
4. Categories of personal data
Identifiers, contact data, technical data (IP, user-agent), authentication data, and any data the Controller chooses to include in audit inputs.
5. Sub-processors
Listed in the Privacy Policy. The Controller is notified of changes at least 30 days before they take effect.
6. International transfers
Where required, transfers rely on the EU Standard Contractual Clauses or equivalent safeguards.
7. Security
Encryption in transit and at rest, tenant-isolated RLS, MFA for privileged access, HMAC-signed ingest, immutable audit log, vulnerability management, and personnel confidentiality obligations.
8. Breach notification
Processor will notify Controller of a confirmed personal-data breach without undue delay and in any event within 72 hours of becoming aware.
9. Assistance
Processor will provide reasonable assistance with data-subject requests, DPIAs, and supervisory-authority enquiries.
10. Deletion or return on termination
On termination, Processor will delete or return personal data per Controller instruction within 30 days, except where retention is required by law.
11. Audit
Processor will make available the information necessary to demonstrate compliance and will allow audits, subject to reasonable notice and confidentiality.
