Scope
This DPA supplements the Mockingbird Terms of Service when you process personal data of individuals located in the EEA, UK, or Switzerland as a Controller and Mockingbird acts as your Processor.
Subject matter & duration
Processing is limited to what's necessary to deliver the service, for the duration of your subscription, plus a 30-day tail for data return or deletion.
Standard Contractual Clauses
Where personal data is transferred out of the EEA/UK, the EU Commission's 2021 SCCs and the UK Addendum apply and are incorporated by reference.
Sub-processors
A current list of sub-processors is maintained at mockingbirdai.app/legal/subprocessors. You will be notified 30 days before any new sub-processor is engaged.
Security
Mockingbird maintains SOC 2 Type II controls, encryption in transit and at rest, least-privilege access, and 24/7 security monitoring.
Requesting execution
Email dpa@mockingbirdai.app to counter-sign the DPA. Enterprise customers receive a pre-signed version on contract execution.