Legal
RegRadar is offered with an AVV / Data Processing Addendum for customer workspaces. The DPA defines controller/processor roles, confidentiality, technical and organisational measures, assistance with data-subject requests, breach notification, deletion/return at exit, audit support and subprocessor notification.
Current procurement artefacts: AVV / DPA draft, subprocessor list including hosting and LLM providers, EU data-residency statement, SCC reference language where relevant, DORA Chapter V register-of-information template, exit-plan template and §25b KWG / MaRisk AT 9 outsourcing assessment pack.
Standard production posture: customer content is not used for model training; retention and no-training terms are controlled contractually with the AI provider; personal-data-in-prompt mode is configurable in the workspace Trust settings and should be kept off for regulated-bank production unless approved by the customer DPO.
The final signed DPA is attached to the applicable order form or enterprise agreement. For pilot and procurement requests, contact contact@tokenshift.ai.