Data Processing Agreement

This DPA governs the processing of personal data by MetricSign on behalf of its customers, in accordance with GDPR Article 28.

Last updated: March 2026

How this agreement works

By using MetricSign, the Customer (Controller) agrees to this Data Processing Agreement with WNK Data Consultancy (Processor). This DPA supplements the Terms of Service and takes precedence in matters of personal data protection.

Article 1

Definitions

In this Agreement, the following definitions apply:

  • "Agreement" means this Data Processing Agreement, including any annexes.
  • "Controller" means the Customer: the legal entity that has entered into a subscription agreement with the Processor and determines the purposes and means of processing.
  • "Processor" means WNK Data Consultancy, the party that processes personal data on behalf of the Controller.
  • "Personal data" has the meaning given in GDPR Article 4(1).
  • "Processing" has the meaning given in GDPR Article 4(2).
  • "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council.
  • "Sub-processor" means any third party engaged by the Processor to process personal data under this Agreement.
  • "Service" means the MetricSign software-as-a-service platform as described in the Terms of Service.

Article 2

Subject matter, nature, and purpose of processing

The Processor processes personal data solely to provide the Service: monitoring of the Controller's data pipelines, detecting anomalies and incidents, and delivering operational intelligence to authorised users.

Processing activities include: ingestion of metadata from the Controller's connected systems, storage of run history and incident records, delivery of alert notifications, and (if the AI Assistant is enabled) enrichment of incident context via a third-party language model.

The Processor processes personal data only on the documented instructions of the Controller. The Service subscription and the Controller's configuration choices constitute documented instructions for this purpose.

Article 3

Categories of personal data and data subjects

The personal data processed under this Agreement may include:

  • Workspace member identifiers — names and email addresses of users who are members of monitored workspaces, as returned by the Controller's cloud platform APIs.
  • Error messages — technical error text from failed pipeline runs, which may incidentally contain user-identifiable information.
  • Alert recipients — names and contact details (email address, Telegram identifier) of users configured to receive operational alerts.
  • User account data — email addresses and names of the Controller's employees who use the MetricSign platform directly.

The categories of data subjects are: employees and contractors of the Controller who are members of monitored workspaces, and employees and contractors of the Controller who use the MetricSign platform.

MetricSign does not process row-level business data, report content, financial figures, or any data that is not metadata about the operation of data pipelines.

Article 4

Duration

This Agreement enters into force upon acceptance of the Terms of Service and remains in effect for the duration of the subscription. Upon termination of the subscription, Article 10 (Return and deletion of data) applies.

Article 5

Obligations of the Processor

5.1 Instructions. The Processor processes personal data only on documented instructions from the Controller. If the Processor is required by EU or Member State law to process personal data for another purpose, it will inform the Controller before processing, unless prohibited by law.

5.2 Confidentiality. The Processor ensures that all personnel authorised to process personal data are bound by confidentiality obligations (contractual or statutory) and receive appropriate data protection training.

5.3 Security. The Processor implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as a minimum: encryption of personal data in transit (TLS 1.2+) and at rest; credential encryption (Fernet symmetric encryption for stored service credentials); access controls limiting data access to authorised personnel and systems; regular security reviews. See Annex I for a summary of current measures.

5.4 Sub-processors. The Processor may engage sub-processors as listed in Article 8. The Processor imposes data protection obligations on each sub-processor equivalent to those in this Agreement. The Processor remains fully liable to the Controller for sub-processor performance.

5.5 Data subject rights. The Processor assists the Controller in responding to requests from data subjects exercising their rights under GDPR (Articles 15–22), taking into account the nature of the processing. Requests received directly by the Processor are forwarded to the Controller within five (5) business days.

5.6 Assistance with obligations. The Processor assists the Controller in fulfilling its obligations under GDPR Articles 32–36 (security, breach notification, data protection impact assessments, prior consultation), taking into account the nature of the processing and the information available to the Processor.

5.7 Personal data breach notification. The Processor notifies the Controller without undue delay — and in any case within 72 hours of becoming aware — of a personal data breach. Notification includes at minimum: a description of the nature of the breach, the categories and approximate number of data subjects and records concerned, the likely consequences, and the measures taken or proposed to address the breach.

Article 6

Obligations of the Controller

The Controller is responsible for:

  • Ensuring there is a lawful basis for providing personal data to the Processor for processing under this Agreement.
  • Ensuring that data subjects have been provided with appropriate privacy information (e.g. via the Controller's own privacy notice) regarding the use of MetricSign.
  • Providing instructions to the Processor that are lawful and do not require the Processor to violate applicable law.
  • Configuring the Service in a manner consistent with this Agreement, including restricting access to authorised users only.

Article 7

International transfers

The Processor's primary infrastructure is located within the European Economic Area (Hetzner, Germany).

Where personal data is transferred to a sub-processor located outside the EEA (specifically Anthropic, Inc. in the United States, and Resend, Inc.), the Processor ensures that such transfers are subject to appropriate safeguards as required by GDPR Chapter V. Currently, transfers to Anthropic and Resend are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914).

Transfer of personal data to Anthropic only occurs when the AI Assistant feature is enabled by an authorised administrator. The AI Assistant can be disabled at any time in the Settings panel, and may be replaced by a local FAQ mode that involves no data transfer outside the EEA.

Article 8

Authorised sub-processors

The Controller authorises the use of the following sub-processors. The Processor notifies the Controller of any intended addition or replacement of sub-processors with at least thirty (30) days' notice, giving the Controller the opportunity to object.

Sub-processor | Location | Purpose | Transfer mechanism
Hetzner Online GmbH | Germany (EEA) | Hosting and data storage | EEA — no transfer
Resend, Inc. | United States | Transactional email (alerts, invitations) | Standard Contractual Clauses
Anthropic, Inc. | United States | AI Assistant (incident analysis) — opt-in only | Standard Contractual Clauses

Article 9

Audit rights

The Processor makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Agreement and in GDPR Article 28. The Processor allows for and contributes to audits and inspections conducted by the Controller or an auditor mandated by the Controller.

Audit requests must be submitted in writing with at least thirty (30) days' notice. Audits may not unreasonably disrupt the Processor's operations or compromise the security or confidentiality of other customers' data. Reasonable costs of providing audit assistance may be charged to the Controller. As a first step, the Controller may request written responses to a standard questionnaire before commissioning an on-site audit.

Article 10

Return and deletion of data

Upon termination of the subscription — regardless of reason — the Processor:

  • Ceases all processing of the Controller's personal data within thirty (30) days.
  • Provides the Controller, upon written request submitted within thirty (30) days of termination, with an export of all stored data in machine-readable format (JSON or CSV).
  • Permanently deletes all personal data from its systems within sixty (60) days of termination, including from backup systems at the next scheduled backup rotation.
  • Provides written confirmation of deletion upon request.

Data that the Processor is legally required to retain (e.g. for tax or accounting purposes) is retained only for the required statutory period and is processed for no other purpose.

Article 11

Liability and indemnification

The liability of the parties under this Agreement is subject to the limitations and exclusions set out in the Terms of Service, to the extent permitted by applicable law.

The Processor's total aggregate liability under this Agreement shall not exceed the total fees paid by the Controller to the Processor in the twelve (12) months preceding the event giving rise to the claim. This limitation does not apply to liability arising from wilful misconduct or gross negligence.

Article 12

Governing law and jurisdiction

This Agreement is governed by the laws of the Netherlands. Any disputes arising from this Agreement that cannot be resolved amicably shall be submitted to the exclusive jurisdiction of the competent courts in the Netherlands.

Annex I

Technical and organisational measures

The following measures are in place at the date of this Agreement. The Processor may update these measures over time provided that the overall security level is not reduced.

Encryption in transit

All data in transit is encrypted using TLS 1.2 or higher. HTTPS enforced for all endpoints. HSTS enabled.

Encryption at rest

Customer service principal credentials (client secrets) are encrypted using Fernet symmetric encryption before storage. Encryption key is stored separately from the database.

Access control

Role-based access control (admin / developer / viewer). All actions authenticated via short-lived JWT session tokens. Each customer's data is logically isolated by tenant identifier on all database tables.

Infrastructure security

Hosted on Hetzner VPS in Germany. Network-level firewall. SSH key-only access to production servers. No public database port exposure.

Availability

External uptime monitoring (UptimeRobot) and scheduler health monitoring (Healthchecks.io). Regular database backups.

Personnel

Access to production systems and customer data is limited to personnel who require it to provide or maintain the Service. Confidentiality obligations apply.

Contact

Questions about this DPA or a data subject rights request?

Contact us at privacy@metricsign.com. We aim to respond within five business days.

WNK Data Consultancy · KvK 90945514 · BTW NL002989411B70