Data Processing Addendum (DPA)

1. Roles and Scope

• Customer acts as controller (or equivalent legal role).
• TimelineSystem acts as processor/service provider for contracted services.
• Processing is limited to documented customer instructions and service functionality.

2. Processing Activities

Processing includes data ingestion, indexing, chronology extraction, citation rendering, audit recording, and export generation required to deliver TimelineSystem capabilities.

3. Security Measures

• Access control measures appropriate to role and tenant boundaries.
• Audit logging and integrity controls supporting defensible legal workflows.
• Operational monitoring and incident-response procedures.

4. Subprocessors

TimelineSystem may use infrastructure subprocessors under written confidentiality and security obligations, and remains responsible for subprocessor performance under applicable contract terms.

5. Data Subject and Regulatory Assistance

TimelineSystem provides commercially reasonable assistance for customer requests related to access, deletion, correction, or export where required by law and contract.

6. Return and Deletion

On termination or documented request, customer data return/deletion support is provided in accordance with contract terms and legal retention obligations.