description

Data Processing Agreement

Last Updated: January 2025

Note: This Data Processing Agreement (DPA) applies to Enterprise and Corporate customers processing personal data through Invent.sg in compliance with GDPR, PDPA (Singapore), and similar regulations.

1. Definitions

Data Controller: The customer organization determining purposes and means of processing personal data.

Data Processor: Invent.sg, processing personal data on behalf of the Controller.

Personal Data: Any information relating to identified or identifiable individuals.

2. Scope and Duration

This DPA applies to all personal data processed by Invent.sg on behalf of the customer and remains in effect for the duration of the Service Agreement.

3. Data Processing Obligations

Invent.sg shall:

  • • Process personal data only on documented instructions from the customer
  • • Ensure personnel are bound by confidentiality obligations
  • • Implement appropriate technical and organizational security measures
  • • Assist with data subject requests (access, deletion, portability)
  • • Notify customer of data breaches within 72 hours
  • • Delete or return data upon termination

4. Security Measures

We implement industry-standard security controls including:

  • • Encryption at rest and in transit
  • • Access controls and authentication
  • • Regular security audits and penetration testing
  • • Incident response procedures
  • • Business continuity and disaster recovery

5. Sub-Processors

Invent.sg may engage sub-processors for limited purposes (e.g., cloud hosting, AI model providers). Current sub-processors:

  • • Amazon Web Services (Cloud Infrastructure)
  • • Anthropic (AI Models)

Customers will be notified 30 days before any changes to sub-processors.

6. Data Transfers

For international data transfers, we rely on:

  • • Standard Contractual Clauses (SCCs)
  • • Adequacy decisions where available
  • • Data residency options (for Corporate customers)

7. Customer Obligations

The Customer must:

  • • Ensure lawful basis for processing
  • • Provide necessary privacy notices to data subjects
  • • Respond to data subject requests
  • • Maintain records of processing activities

8. Audits

Customers may request security documentation or conduct audits with reasonable notice. SOC 2 reports available upon request.

9. Contact

For DPA inquiries: dpo@invent.sg

Enterprise customers: Download the full DPA for signature via your account dashboard or contact sales.