[{"data":1,"prerenderedAt":1118},["ShallowReactive",2],{"help-category-\u002Flegal-compliance\u002Fcompliance-and-certifications":3,"help-article-\u002Flegal-compliance\u002Fcompliance-and-certifications":4,"related-articles-\u002Flegal-compliance\u002Fcompliance-and-certifications":258},[],{"id":5,"title":6,"body":7,"category":238,"description":239,"draft":240,"extension":241,"meta":242,"navigation":243,"order":244,"path":245,"relatedArticles":246,"seo":252,"slug":253,"stem":254,"updatedAt":255,"__hash__":256,"excerpt":239,"searchText":257},"help\u002Fhelp\u002Flegal-compliance\u002F04.compliance-and-certifications.md","Compliance and certifications",{"type":8,"value":9,"toc":229},"minimark",[10,14,23,28,31,37,41,148,152,159,162,167,171,174,184,188,191,213,219],[11,12,13],"p",{},"MultiClaw's security and privacy controls align with ISO 27001, 27017, 27018, 27701, and ISO 22301. Each standard's status and scope is noted below, along with SOC 2, penetration testing, and procurement documentation details.",[11,15,16,17,22],{},"To request audit documentation or ask about certification timelines, email ",[18,19,21],"a",{"href":20},"mailto:legal@multiclaw.io","legal@multiclaw.io",".",[24,25,27],"h2",{"id":26},"alignment-vs-certification","Alignment vs certification",[11,29,30],{},"\"Aligned\" means MultiClaw's controls follow a standard's methodology and requirements, but MultiClaw has not undergone a formal third-party certification audit against that standard. Alignment reflects an active, internal effort to meet each standard's control objectives.",[11,32,33,34,36],{},"For procurement teams evaluating MultiClaw as a vendor, you can request a controls matrix mapping MultiClaw's practices to specific ISO control objectives. Email ",[18,35,21],{"href":20}," for the current matrix or the audit roadmap.",[24,38,40],{"id":39},"standards-summary","Standards summary",[42,43,44,60],"table",{},[45,46,47],"thead",{},[48,49,50,54,57],"tr",{},[51,52,53],"th",{},"Standard",[51,55,56],{},"What it covers",[51,58,59],{},"MultiClaw status",[61,62,63,81,94,106,118,131],"tbody",{},[48,64,65,72,75],{},[66,67,68],"td",{},[69,70,71],"strong",{},"ISO\u002FIEC 27001:2022",[66,73,74],{},"A framework for managing risks to information assets through policies, controls, and continuous improvement",[66,76,77,78,80],{},"Aligned. Not formally certified — email ",[18,79,21],{"href":20}," for the audit roadmap.",[48,82,83,88,91],{},[66,84,85],{},[69,86,87],{},"ISO\u002FIEC 27017:2015",[66,89,90],{},"Extends ISO 27001 with cloud-specific controls for shared responsibility, virtual machine hardening, and data isolation",[66,92,93],{},"Aligned",[48,95,96,101,104],{},[66,97,98],{},[69,99,100],{},"ISO\u002FIEC 27018:2019",[66,102,103],{},"Controls for how cloud providers handle personal data, including consent, transparency, and data portability",[66,105,93],{},[48,107,108,113,116],{},[66,109,110],{},[69,111,112],{},"ISO\u002FIEC 27701:2019",[66,114,115],{},"Extends ISO 27001 with privacy controls that support GDPR and other data protection regulations",[66,117,93],{},[48,119,120,125,128],{},[66,121,122],{},[69,123,124],{},"ISO 22301:2019",[66,126,127],{},"Business continuity management: ensures critical services can continue during and recover from disruptions",[66,129,130],{},"Incident response and recovery planning aligned",[48,132,133,138,141],{},[66,134,135],{},[69,136,137],{},"GDPR",[66,139,140],{},"EU\u002FUK data protection regulation governing personal data collection, processing, storage, and data subject rights",[66,142,143,144,22],{},"DPAs available on request. See ",[18,145,147],{"href":146},"\u002Fhelp\u002Flegal-compliance\u002Fdata-processing-agreement","Data processing agreement",[24,149,151],{"id":150},"soc-2","SOC 2",[11,153,154,155,158],{},"MultiClaw is evaluating a ",[69,156,157],{},"SOC 2 Type II"," audit covering the security, availability, and confidentiality trust service criteria. No audit has been commissioned or started.",[11,160,161],{},"SOC 2 Type II measures how effectively controls operate over a sustained observation period. When an audit begins, the timeline and scope will be shared with customers who request it.",[11,163,164,165,22],{},"To discuss MultiClaw's current security posture or future audit plans, email ",[18,166,21],{"href":20},[24,168,170],{"id":169},"penetration-testing","Penetration testing",[11,172,173],{},"An independent security firm conducts regular penetration tests against MultiClaw's cloud infrastructure and application layer.",[11,175,176,177,180,181,183],{},"Summary reports are available to Enterprise customers under a mutual non-disclosure agreement (",[69,178,179],{},"NDA","). Contact ",[18,182,21],{"href":20}," to request access.",[24,185,187],{"id":186},"procurement-documentation","Procurement documentation",[11,189,190],{},"If your organisation requires a completed security questionnaire before purchasing, MultiClaw supports these formats:",[192,193,194,201,207],"ul",{},[195,196,197,200],"li",{},[69,198,199],{},"VSA"," (Vendor Security Assessment)",[195,202,203,206],{},[69,204,205],{},"SIG"," (Standardised Information Gathering Questionnaire)",[195,208,209,212],{},[69,210,211],{},"CAIQ"," (Consensus Assessments Initiative Questionnaire)",[11,214,215,216,218],{},"Email ",[18,217,21],{"href":20}," to request a completed questionnaire. Include the format you need and your target review date so the team can prioritise accordingly.",[11,220,221,222,225,226,228],{},"A ",[69,223,224],{},"Software Bill of Materials (SBOM)"," is not yet available. Email ",[18,227,21],{"href":20}," to enquire about SBOM availability and timeline.",{"title":230,"searchDepth":231,"depth":231,"links":232},"",2,[233,234,235,236,237],{"id":26,"depth":231,"text":27},{"id":39,"depth":231,"text":40},{"id":150,"depth":231,"text":151},{"id":169,"depth":231,"text":170},{"id":186,"depth":231,"text":187},"legal-compliance","MultiClaw's controls align with ISO 27001, 27017, 27018, 27701, and ISO 22301. Includes GDPR, SOC 2 status, penetration testing, and procurement docs.",false,"md",{},true,4,"\u002Flegal-compliance\u002Fcompliance-and-certifications",[247,248,249,250,251],"legal-compliance\u002Fterms-of-service","legal-compliance\u002Fprivacy-policy","legal-compliance\u002Fdata-processing-agreement","security-privacy\u002Fsecurity-overview","security-privacy\u002Fdependency-and-supply-chain-security",{"title":6,"description":239},"compliance-and-certifications","help\u002Flegal-compliance\u002F04.compliance-and-certifications","2026-03-31","1s47UJDmt6uwi3WdN2yOmViT99l56b4DpYETlS8zOuw","Compliance and certifications MultiClaw's controls align with ISO 27001, 27017, 27018, 27701, and ISO 22301. Includes GDPR, SOC 2 status, penetration testing, and procurement docs.",[259,436,835],{"id":260,"title":261,"body":262,"category":238,"description":424,"draft":240,"extension":241,"meta":425,"navigation":243,"order":426,"path":427,"relatedArticles":428,"seo":430,"slug":431,"stem":432,"updatedAt":433,"__hash__":434,"excerpt":424,"searchText":435},"help\u002Fhelp\u002Flegal-compliance\u002F01.terms-of-service.md","Terms of service",{"type":8,"value":263,"toc":413},[264,267,281,285,288,299,305,309,312,325,329,342,346,349,352,356,359,369,373,379,383,389,393,396,402,406],[11,265,266],{},"The Terms of Service define what you can expect from MultiClaw and what MultiClaw expects from you. This page summarises the key points in plain language: acceptable use, data ownership, billing, availability, termination, liability, governing law, and how changes work.",[268,269,271],"callout",{"type":270},"note",[11,272,273,274,280],{},"This is a plain-language summary, not the full legal document. The ",[18,275,279],{"href":276,"rel":277},"https:\u002F\u002Fmulticlaw.io\u002Fterms",[278],"nofollow","full Terms of Service"," take precedence.",[24,282,284],{"id":283},"acceptable-use","Acceptable use",[11,286,287],{},"You can use MultiClaw for any legitimate business or personal productivity purpose. The Terms prohibit activity that causes harm, breaks laws, or abuses the service. Examples include:",[192,289,290,293,296],{},[195,291,292],{},"Spam or bulk unsolicited messaging",[195,294,295],{},"Mass scraping in violation of third-party terms",[195,297,298],{},"Circumventing rate limits or access controls",[11,300,301,302,22],{},"Your account may be suspended or terminated if you violate the Terms. For the full list of prohibited activities, see the ",[18,303,279],{"href":276,"rel":304},[278],[24,306,308],{"id":307},"data-ownership","Data ownership",[11,310,311],{},"Your data stays yours. MultiClaw does not claim ownership of your conversations, agent definitions, skills, or content your agents create during tasks. You grant MultiClaw a limited licence to process and store your content so the service can operate.",[11,313,314,315,319,320,324],{},"The ",[18,316,318],{"href":317},"\u002Fhelp\u002Flegal-compliance\u002Fprivacy-policy","Privacy Policy"," explains how your data is handled, stored, and protected. The ",[18,321,323],{"href":276,"rel":322},[278],"full Terms"," describe the exact scope of the licence, including when it ends.",[24,326,328],{"id":327},"billing-and-payment","Billing and payment",[11,330,331,332,337,338,341],{},"The Terms cover your payment obligations, including fees, billing cycles, cancellation timing, and what happens if a payment fails. Plan pricing and feature details are available at ",[18,333,336],{"href":334,"rel":335},"https:\u002F\u002Fmulticlaw.io",[278],"multiclaw.io",", and the ",[18,339,323],{"href":276,"rel":340},[278]," set out the specific refund and cancellation rules.",[24,343,345],{"id":344},"service-availability","Service availability",[11,347,348],{},"MultiClaw uses commercially reasonable efforts to maintain high availability for all customers. This target is not a contractual obligation, and standard accounts do not include a formal uptime guarantee or service level commitment.",[11,350,351],{},"Enterprise customers may enquire about service level commitments as part of a separately negotiated agreement. Any such arrangement is at MultiClaw's sole discretion.",[24,353,355],{"id":354},"termination","Termination",[11,357,358],{},"You can cancel your account at any time. Export any data you need before cancelling — once your account is closed, access to your workspace and agent history ends. MultiClaw may also suspend or terminate your account for Terms violations.",[11,360,361,362,364,365,22],{},"After cancellation, data deletion is governed by the ",[18,363,318],{"href":317}," and applicable law. To request deletion of your personal data, ",[18,366,368],{"href":334,"rel":367},[278],"contact MultiClaw through the website",[24,370,372],{"id":371},"limitation-of-liability","Limitation of liability",[11,374,375,376,22],{},"The Terms limit MultiClaw's maximum liability to the greater of the total fees you paid in the 12 months before the claim, or £100. This cap does not apply to liability for death, for personal injury caused by negligence, or for fraud. For details, see the ",[18,377,323],{"href":276,"rel":378},[278],[24,380,382],{"id":381},"governing-law","Governing law",[11,384,385,388],{},[69,386,387],{},"The laws of England and Wales"," govern the Terms. Disputes are subject to the exclusive jurisdiction of the courts of England and Wales. MultiClaw is registered in the United Kingdom.",[24,390,392],{"id":391},"changes-to-the-terms","Changes to the Terms",[11,394,395],{},"MultiClaw aims to give you at least 30 days' notice before material changes take effect. If you continue using the service after the notice period, you accept the updated Terms. If you disagree with a change, you can cancel your account before the new Terms take effect.",[11,397,314,398,401],{},[18,399,323],{"href":276,"rel":400},[278]," define the notice requirements and what counts as a material change.",[24,403,405],{"id":404},"enterprise-contracts","Enterprise contracts",[11,407,408,409,412],{},"Enterprise customers may enquire about custom contract terms. Visit ",[18,410,336],{"href":334,"rel":411},[278]," to discuss your needs. Custom terms are offered at MultiClaw's sole discretion.",{"title":230,"searchDepth":231,"depth":231,"links":414},[415,416,417,418,419,420,421,422,423],{"id":283,"depth":231,"text":284},{"id":307,"depth":231,"text":308},{"id":327,"depth":231,"text":328},{"id":344,"depth":231,"text":345},{"id":354,"depth":231,"text":355},{"id":371,"depth":231,"text":372},{"id":381,"depth":231,"text":382},{"id":391,"depth":231,"text":392},{"id":404,"depth":231,"text":405},"A plain-language summary of MultiClaw's Terms of Service covering your rights, your data, and key policies.",{},1,"\u002Flegal-compliance\u002Fterms-of-service",[248,249,429],"legal-compliance\u002Fcompliance-and-certifications",{"title":261,"description":424},"terms-of-service","help\u002Flegal-compliance\u002F01.terms-of-service","2026-03-30","buZVXtGry50OqHPSg0ewffDVhHnYF1fJvNNksYz26PI","Terms of service A plain-language summary of MultiClaw's Terms of Service covering your rights, your data, and key policies.",{"id":437,"title":438,"body":439,"category":238,"description":823,"draft":240,"extension":241,"meta":824,"navigation":243,"order":231,"path":825,"relatedArticles":826,"seo":830,"slug":831,"stem":832,"updatedAt":433,"__hash__":833,"excerpt":823,"searchText":834},"help\u002Fhelp\u002Flegal-compliance\u002F02.privacy-policy.md","Privacy policy",{"type":8,"value":440,"toc":808},[441,451,454,458,468,481,487,493,497,507,510,514,517,520,523,543,547,550,611,619,623,630,637,646,649,653,656,662,668,674,678,684,690,694,697,741,749,753,758,762,770,774,777,780,787,791,797,801],[268,442,443],{"type":270},[11,444,445,446,22],{},"This article summarises the Privacy Policy in plain language. It is not a legal document. Read the full policy at ",[18,447,450],{"href":448,"rel":449},"https:\u002F\u002Fmulticlaw.io\u002Fprivacy",[278],"multiclaw.io\u002Fprivacy",[11,452,453],{},"MultiClaw collects only what it needs to run the service, does not sell your data, and gives you control over your information. Below you'll find what is collected, who can access it, and how to exercise your rights.",[24,455,457],{"id":456},"what-is-collected","What is collected",[11,459,460,461,464,465,22],{},"When you create an account, MultiClaw stores your ",[69,462,463],{},"name"," and ",[69,466,467],{},"email address",[11,469,470,473,474,464,477,480],{},[69,471,472],{},"Workspace metadata"," — such as workspace name, team membership, and role assignments — is stored on MultiClaw Cloud. ",[69,475,476],{},"IP addresses",[69,478,479],{},"browser user-agent strings"," appear in server logs and are retained for 90 days.",[11,482,483,486],{},[69,484,485],{},"Conversation content"," is stored on MultiClaw Cloud only when you sync a conversation. If you keep conversations local, they never leave your device.",[11,488,489,492],{},[69,490,491],{},"Workflow recordings"," created with the MultiClaw Chrome extension capture the sequence of browser actions (clicks, navigation, form inputs) during a recording session. The extension only records when you explicitly start a session and does not monitor your browsing at any other time.",[24,494,496],{"id":495},"what-is-not-collected","What is not collected",[11,498,314,499,502,503,506],{},[69,500,501],{},"MultiClaw desktop app"," does not collect telemetry or usage analytics. ",[69,504,505],{},"Crash logs"," are saved only on your device and are never uploaded automatically.",[11,508,509],{},"MultiClaw does not collect payment card numbers or banking details directly. Payment processing is handled by a third-party payment processor under its own privacy policy.",[24,511,513],{"id":512},"how-data-is-used","How data is used",[11,515,516],{},"MultiClaw uses your data to run the service, authenticate you when you sign in, provision cloud desktops, and send service-related emails such as security alerts. MultiClaw does not send marketing emails without your explicit consent.",[11,518,519],{},"Audit logs record workspace activity to support governance and security oversight.",[11,521,522],{},"Each type of processing has a legal basis under GDPR:",[192,524,525,531,537],{},[195,526,527,530],{},[69,528,529],{},"Contract performance",": running the service, provisioning cloud desktops, generating agent responses",[195,532,533,536],{},[69,534,535],{},"Legitimate interests",": server log analysis for security, audit logs for governance, responding to support requests",[195,538,539,542],{},[69,540,541],{},"Consent",": analytics cookies on the marketing website and marketing emails (you can withdraw consent at any time)",[24,544,546],{"id":545},"data-retention","Data retention",[11,548,549],{},"MultiClaw keeps your data only as long as it's needed. The main retention periods are:",[42,551,552,562],{},[45,553,554],{},[48,555,556,559],{},[51,557,558],{},"Data",[51,560,561],{},"Kept for",[61,563,564,572,580,588,596,603],{},[48,565,566,569],{},[66,567,568],{},"Account data (name, email)",[66,570,571],{},"Until you close your account, then deleted within 30 days",[48,573,574,577],{},[66,575,576],{},"Workspace and team data",[66,578,579],{},"Until the workspace subscription ends, then deleted within 30 days",[48,581,582,585],{},[66,583,584],{},"Server logs (IP, user agent)",[66,586,587],{},"90 days",[48,589,590,593],{},[66,591,592],{},"Synced conversations",[66,594,595],{},"Until you delete them or close your account",[48,597,598,601],{},[66,599,600],{},"Uploaded workflows",[66,602,595],{},[48,604,605,608],{},[66,606,607],{},"Audit logs",[66,609,610],{},"1 year",[11,612,613,614,618],{},"After you close your account, you have 30 days to export your data before deletion begins. See ",[18,615,617],{"href":616},"\u002Fhelp\u002Faccount-billing\u002Fdelete-your-account","Delete your account"," for details.",[24,620,622],{"id":621},"who-data-is-shared-with","Who data is shared with",[11,624,625,626,629],{},"MultiClaw uses a limited set of ",[69,627,628],{},"subprocessors"," to deliver the service. These include cloud hosting providers, database providers, and email delivery services.",[11,631,632,633,636],{},"Your conversation content is also transmitted to third-party ",[69,634,635],{},"AI model providers"," to generate agent responses. These providers are engaged under data processing agreements that prohibit using your data to train their models.",[11,638,639,640,645],{},"A list of subprocessors will be published at ",[18,641,644],{"href":642,"rel":643},"https:\u002F\u002Fmulticlaw.io\u002Flegal\u002Fsubprocessors",[278],"multiclaw.io\u002Flegal\u002Fsubprocessors"," when the service is generally available.",[11,647,648],{},"Your data is never sold to third parties.",[24,650,652],{"id":651},"ai-and-your-data","AI and your data",[11,654,655],{},"MultiClaw is an AI product, so it's worth understanding how your data interacts with AI systems.",[11,657,658,661],{},[69,659,660],{},"Your data is not used for training."," Neither MultiClaw nor its AI model providers use your conversations, instructions, or workflows to train, fine-tune, or evaluate AI models.",[11,663,664,667],{},[69,665,666],{},"You approve before agents act."," Agents draft a plan before executing any task. You review and approve the plan before the agent proceeds.",[11,669,670,673],{},[69,671,672],{},"Third-party interactions are governed by the third party."," When an agent browses a website or submits a form on your behalf, the data shared with that service is governed by the third party's own privacy policy.",[24,675,677],{"id":676},"cookies","Cookies",[11,679,314,680,683],{},[69,681,682],{},"multiclaw.io marketing website"," uses analytics cookies. A consent banner lets you accept or decline these before any cookie is set.",[11,685,314,686,689],{},[69,687,688],{},"MultiClaw Cloud web app"," uses session cookies only. No tracking or advertising cookies are used inside the product.",[24,691,693],{"id":692},"your-data-subject-rights","Your data subject rights",[11,695,696],{},"If you are in the EU, EEA, or UK, GDPR and UK GDPR give you the right to:",[192,698,699,705,711,717,723,729,735],{},[195,700,701,704],{},[69,702,703],{},"Access"," your personal data",[195,706,707,710],{},[69,708,709],{},"Correct"," inaccurate data",[195,712,713,716],{},[69,714,715],{},"Erase"," your data",[195,718,719,722],{},[69,720,721],{},"Restrict"," processing",[195,724,725,728],{},[69,726,727],{},"Receive a portable copy"," of your data",[195,730,731,734],{},[69,732,733],{},"Object"," to processing based on legitimate interests",[195,736,737,740],{},[69,738,739],{},"Withdraw consent"," at any time when processing is based on consent (for example, analytics cookies or marketing emails)",[11,742,743,744,748],{},"To exercise any of these rights, email ",[18,745,747],{"href":746},"mailto:privacy@multiclaw.io","privacy@multiclaw.io",". MultiClaw will respond within one calendar month.",[24,750,752],{"id":751},"international-data-transfers","International data transfers",[11,754,755,756,618],{},"Your data is hosted on AWS infrastructure in the United States (US East region by default; EU region available on request). Transfers of personal data from the UK and EEA to the US rely on Standard Contractual Clauses (SCCs) and, for UK transfers, the UK International Data Transfer Agreement (IDTA). See the ",[18,757,147],{"href":146},[24,759,761],{"id":760},"right-to-complain","Right to complain",[11,763,764,765,769],{},"If you believe your personal data is being handled unlawfully, you can lodge a complaint with your supervisory authority. In the UK, contact the Information Commissioner's Office (ICO) at ",[18,766,767],{"href":767,"rel":768},"https:\u002F\u002Fico.org.uk",[278],". In the EU, contact your national data protection authority.",[24,771,773],{"id":772},"security-and-compliance","Security and compliance",[11,775,776],{},"Data in transit is encrypted using TLS. Access to personal data is restricted to authorised personnel who need it to perform their role.",[11,778,779],{},"If a data breach is likely to affect your rights, MultiClaw will notify the relevant supervisory authority within 72 hours and will notify you directly without undue delay.",[11,781,782,783,786],{},"MultiClaw's privacy controls are designed in alignment with ",[69,784,785],{},"ISO\u002FIEC 27701",", the international standard for privacy information management.",[24,788,790],{"id":789},"childrens-privacy","Children's privacy",[11,792,793,794,796],{},"MultiClaw is not intended for anyone under 16. If you believe a child under 16 has created an account, email ",[18,795,747],{"href":746},", and MultiClaw will delete the data promptly.",[24,798,800],{"id":799},"changes-to-the-policy","Changes to the policy",[11,802,803,804,807],{},"MultiClaw will give you ",[69,805,806],{},"30 days' notice"," before making any material change to the Privacy Policy. Notice is sent by email to the address on your account and posted on the website.",{"title":230,"searchDepth":231,"depth":231,"links":809},[810,811,812,813,814,815,816,817,818,819,820,821,822],{"id":456,"depth":231,"text":457},{"id":495,"depth":231,"text":496},{"id":512,"depth":231,"text":513},{"id":545,"depth":231,"text":546},{"id":621,"depth":231,"text":622},{"id":651,"depth":231,"text":652},{"id":676,"depth":231,"text":677},{"id":692,"depth":231,"text":693},{"id":751,"depth":231,"text":752},{"id":760,"depth":231,"text":761},{"id":772,"depth":231,"text":773},{"id":789,"depth":231,"text":790},{"id":799,"depth":231,"text":800},"A plain-language summary of what data MultiClaw collects, how it is used, and how to exercise your privacy rights.",{},"\u002Flegal-compliance\u002Fprivacy-policy",[247,249,429,827,828,829],"legal-compliance\u002Fsubprocessors-and-third-parties","legal-compliance\u002Fdata-portability-and-export","security-privacy\u002Fprivacy-and-data-handling",{"title":438,"description":823},"privacy-policy","help\u002Flegal-compliance\u002F02.privacy-policy","125HQqTSrjEYZlUQE5xdgpy2Hf_1P1JTE_MnctVXrH8","Privacy policy A plain-language summary of what data MultiClaw collects, how it is used, and how to exercise your privacy rights.",{"id":836,"title":147,"body":837,"category":238,"description":1109,"draft":240,"extension":241,"meta":1110,"navigation":243,"order":1104,"path":1111,"relatedArticles":1112,"seo":1113,"slug":1114,"stem":1115,"updatedAt":433,"__hash__":1116,"excerpt":1109,"searchText":1117},"help\u002Fhelp\u002Flegal-compliance\u002F03.data-processing-agreement.md",{"type":8,"value":838,"toc":1098},[839,853,866,870,873,893,896,900,921,928,933,946,949,953,956,1018,1025,1029,1032,1046,1049,1053,1062,1071,1075,1081,1095],[11,840,841,842,845,846,849,850,22],{},"If your organisation processes personal data through MultiClaw, UK GDPR and EU GDPR require a ",[69,843,844],{},"Data Processing Agreement"," (DPA) between you and MultiClaw before that processing begins. A DPA is a contract under Article 28 that defines how MultiClaw, as the ",[69,847,848],{},"data processor",", handles personal data on your behalf as the ",[69,851,852],{},"data controller",[11,854,855,856,859,860,863,864,786],{},"MultiClaw provides a standard, pre-signed DPA to any organisation that needs one. The DPA includes ",[69,857,858],{},"EU Standard Contractual Clauses"," (SCCs) for EEA data transfers and the ",[69,861,862],{},"UK International Data Transfer Agreement"," (IDTA) for UK data transfers. Together, these mechanisms cover international transfers to MultiClaw's subprocessors. MultiClaw's security programme aligns with ",[69,865,785],{},[24,867,869],{"id":868},"who-needs-a-dpa","Who needs a DPA",[11,871,872],{},"You need a DPA if your team uses MultiClaw to process personal data on behalf of your organisation. Common examples:",[192,874,875,881,887],{},[195,876,877,880],{},[69,878,879],{},"Customer-facing agents"," that handle support tickets containing names, email addresses, or account details",[195,882,883,886],{},[69,884,885],{},"Workflow automations"," that process employee records, HR data, or payroll information",[195,888,889,892],{},[69,890,891],{},"Task outputs"," that generate or reference personal data from your connected tools",[11,894,895],{},"If your use of MultiClaw involves only non-personal data — for example, code generation with no personal identifiers — a DPA is not legally required. When in doubt, request one. There is no cost or downside.",[24,897,899],{"id":898},"how-to-request-a-dpa","How to request a DPA",[901,902,903,908,918],"ol",{},[195,904,905,906,22],{},"Send an email to ",[18,907,21],{"href":20},[195,909,910,911,22],{},"Use the subject line: ",[69,912,913,914],{},"DPA request — ",[915,916,917],"span",{},"your workspace name",[195,919,920],{},"Include your organisation's legal entity name and registered address in the email body.",[11,922,923,924,927],{},"MultiClaw will process your request within ",[69,925,926],{},"5 business days"," and send you the pre-signed DPA for countersignature.",[929,930,932],"h3",{"id":931},"after-you-receive-the-dpa","After you receive the DPA",[901,934,935,938,943],{},[195,936,937],{},"Review the agreement with your legal or data protection team.",[195,939,940,941,22],{},"Countersign the DPA and return it to ",[18,942,21],{"href":20},[195,944,945],{},"MultiClaw confirms receipt and stores the executed copy on file.",[11,947,948],{},"The DPA remains in effect for as long as your organisation has an active MultiClaw subscription. If you cancel your subscription, the data-handling obligations in the DPA continue until all personal data is deleted or returned, as described in the agreement's deletion and return provisions.",[24,950,952],{"id":951},"what-the-dpa-covers","What the DPA covers",[11,954,955],{},"The standard DPA covers all Article 28(3) requirements under UK GDPR and EU GDPR, including:",[192,957,958,964,970,976,982,988,994,1000,1006,1012],{},[195,959,960,963],{},[69,961,962],{},"Subject matter and duration",": what data is processed and for how long",[195,965,966,969],{},[69,967,968],{},"Nature and purpose of processing",": why and how MultiClaw processes the data",[195,971,972,975],{},[69,973,974],{},"Type of personal data",": the categories of data involved",[195,977,978,981],{},[69,979,980],{},"Categories of data subjects",": the people whose data is processed",[195,983,984,987],{},[69,985,986],{},"Obligations and rights of the controller",": your responsibilities and entitlements as the data controller",[195,989,990,993],{},[69,991,992],{},"Security measures",": the technical and organisational measures MultiClaw implements to protect the data",[195,995,996,999],{},[69,997,998],{},"Subprocessor restrictions",": conditions under which MultiClaw may engage subprocessors and notification obligations",[195,1001,1002,1005],{},[69,1003,1004],{},"Data subject rights assistance",": how MultiClaw assists you in responding to data subject requests",[195,1007,1008,1011],{},[69,1009,1010],{},"Audit rights",": your right to conduct or commission audits of MultiClaw's processing activities",[195,1013,1014,1017],{},[69,1015,1016],{},"Deletion and return",": how data is handled at the end of the contract",[11,1019,1020,1021,22],{},"For a full list of third-party subprocessors covered by the SCCs and IDTA, see ",[18,1022,1024],{"href":1023},"\u002Fhelp\u002Flegal-compliance\u002Fsubprocessors-and-third-parties","Subprocessors and third parties",[24,1026,1028],{"id":1027},"international-transfer-mechanisms","International transfer mechanisms",[11,1030,1031],{},"When personal data moves between countries, UK GDPR and EU GDPR require specific legal safeguards. The standard DPA includes two transfer mechanisms:",[192,1033,1034,1040],{},[195,1035,1036,1039],{},[69,1037,1038],{},"EU Standard Contractual Clauses (SCCs)",": pre-approved contract clauses adopted by the European Commission that authorise transfers of personal data from the EEA to countries without an adequacy decision. The DPA incorporates the current Module 2 (controller-to-processor) SCCs.",[195,1041,1042,1045],{},[69,1043,1044],{},"UK International Data Transfer Agreement (IDTA)",": the UK equivalent of SCCs, approved by the UK Information Commissioner's Office (ICO) for transfers from the UK to countries without UK adequacy regulations.",[11,1047,1048],{},"These mechanisms apply automatically to any personal data transferred to MultiClaw's subprocessors outside the EEA or UK. You don't need to sign a separate transfer agreement — the DPA covers international transfers by default.",[24,1050,1052],{"id":1051},"controller-vs-processor-roles","Controller vs processor roles",[11,1054,1055,1056,1058,1059,1061],{},"MultiClaw acts as a ",[69,1057,848],{}," for data you store in your workspace — for example, task content, agent outputs, and team member activity. You remain the ",[69,1060,852],{}," for that data.",[11,1063,1064,1065,1067,1068,1070],{},"For personal data MultiClaw collects about its own account holders — such as login credentials and contact details — MultiClaw acts as the ",[69,1066,852],{},". That processing is covered by the ",[18,1069,318],{"href":317},", not the DPA.",[24,1072,1074],{"id":1073},"custom-terms","Custom terms",[11,1076,1077,1078,1080],{},"If your organisation requires provisions beyond the standard DPA, contact ",[18,1079,21],{"href":20}," to discuss custom terms. Common reasons for custom terms include:",[192,1082,1083,1086,1089,1092],{},[195,1084,1085],{},"Additional data residency requirements beyond the standard subprocessor locations",[195,1087,1088],{},"Specific audit procedures or timelines required by your industry regulator",[195,1090,1091],{},"Enhanced breach notification commitments, such as shorter notification windows",[195,1093,1094],{},"Supplementary security measures required by your organisation's compliance framework",[11,1096,1097],{},"Custom term requests take longer to process than standard DPA requests, as they require legal review on both sides. Include your specific requirements in the initial email so MultiClaw's legal team can assess the scope upfront.",{"title":230,"searchDepth":231,"depth":231,"links":1099},[1100,1101,1105,1106,1107,1108],{"id":868,"depth":231,"text":869},{"id":898,"depth":231,"text":899,"children":1102},[1103],{"id":931,"depth":1104,"text":932},3,{"id":951,"depth":231,"text":952},{"id":1027,"depth":231,"text":1028},{"id":1051,"depth":231,"text":1052},{"id":1073,"depth":231,"text":1074},"How to request a DPA, what it covers, and when it is required.",{},"\u002Flegal-compliance\u002Fdata-processing-agreement",[248,429,827,829],{"title":147,"description":1109},"data-processing-agreement","help\u002Flegal-compliance\u002F03.data-processing-agreement","-KM6rSXnSL5xfTAwjBSGveQvwK1ieX4yZ2wIEhnu0_U","Data processing agreement How to request a DPA, what it covers, and when it is required.",1778463887494]