Data Processing Agreement

Data Controller

The customer organization that determines the purposes and means of processing personal data contained in user accounts, uploaded legal documents, and matter materials.

Data Processor

ExhibitStampPro™ processes personal data solely on documented instructions from the Data Controller to provide exhibit management SaaS services.

• Names and professional contact information for authorized users and billing contacts.
• Email addresses used for account access, notifications, and support.
• Uploaded legal documents and exhibit materials, including metadata and identifiers contained therein.
• System logs, audit records, and usage data related to platform operations.

ExhibitStampPro™ processes personal data to provide exhibit management SaaS services, including document hosting, exhibit numbering and stamping, export formatting, authentication, security monitoring, customer support, and billing administration.

Personal data is retained for the duration of the customer's subscription and any post-termination period required for data export, backup expiry, legal compliance, or documented legal holds. Customers may request deletion subject to applicable law and technical backup cycles.

ExhibitStampPro™ engages subprocessors to deliver the service. A current list of subprocessors, their purposes, and data locations is published on our Subprocessors page. Customers authorize use of subprocessors subject to flow-down data protection obligations.

We implement technical and organizational measures to protect personal data, including access controls, encryption in transit, monitoring, and incident response procedures. A summary of our security controls is available on our Security Overview.

• Access: request confirmation of processing and a copy of personal data.
• Deletion: request erasure where applicable law and contractual terms permit.
• Portability: receive personal data in a structured, commonly used format where technically feasible.
• Correction: request correction of inaccurate personal data.

Data subjects should direct requests to the Data Controller. ExhibitStampPro™ will assist the Data Controller in responding to such requests per the executed DPA and applicable law.

The governing law applicable to this DPA depends on the customer's location and the terms of the executed agreement. Where no specific jurisdiction is designated, disputes are resolved under the laws applicable to the customer's principal place of business, subject to mandatory local data protection requirements.

For DPA requests, subprocessors inquiries, or data protection questions, contact contact@exhibitstamppro.com.