1. Data Processing and Scope

Hercule processes personal data only as necessary to provide its services to the Customer. The Customer determines the nature, purpose, and scope of the data processed, and Hercule acts as a data processor on behalf of the Customer.

2. Data Storage and Location

All customer data is processed and stored within the United States.

3. Security and Compliance

Hercule implements appropriate technical and organizational measures to safeguard customer data against unauthorized access, loss, or misuse. These measures align with industry best practices and applicable data protection laws.

4. Confidentiality and Subprocessors

Hercule ensures that personnel handling customer data are bound by confidentiality obligations. Any subprocessors engaged by Hercule are required to meet the same security and compliance standards.

5. Data Subject Rights

Hercule provides reasonable assistance to the Customer in fulfilling data subject requests related to access, correction, deletion, and portability of personal data, where required by law.

6. Data Retention and Deletion

Hercule retains customer data only for as long as necessary to fulfill contractual obligations. Upon termination of services, data will be securely deleted, subject to any legal or regulatory requirements.

7. Breach Notification

In the event of a data security breach affecting customer data, Hercule will notify the Customer promptly and provide necessary details regarding the incident and mitigation steps.

8. Customer Responsibilities

The Customer is responsible for ensuring compliance with applicable data protection laws when using Hercule’s services. This includes obtaining necessary consents and ensuring lawful data collection and processing.

9. Governing Law

This DPA is governed by the same law as the primary agreement between Hercule and the Customer.

For any questions or requests regarding this DPA, please contact legal@hercule-ai.us.