Legal

Data Processing Addendum

Last updated 1 June 2026 · This summary is provided for clarity and is not a substitute for the full agreement. Questions? legal@arete.so

This Addendum forms part of the agreement between you (“Controller”) and Arete (“Processor”) and governs the processing of personal data on your behalf.

Scope & roles

Where Arete processes personal data on your instructions to provide the service, you are the Controller and Arete is the Processor.

Processing details

Sub-processors

We use vetted sub-processors for hosting, analytics, and data enrichment. A current list is available on request, and we give notice before adding new ones.

Security measures

Encryption in transit and at rest, least-privilege access, logging, and regular security review. Details available under NDA.

International transfers

Where data is transferred outside its region of origin, we rely on Standard Contractual Clauses or an equivalent approved mechanism.

Breach notification

We will notify you without undue delay after becoming aware of a personal-data breach affecting your data.