Web4Guru AI Operations
Legal

Data Processing Addendum

Last updated: 25 April 2026

DRAFT — HAVE A REAL LAWYER REVIEW BEFORE EXECUTING. This document is a working placeholder for the Web4Guru Data Processing Addendum. It is not legal advice, has not been reviewed by counsel, and is not a binding contract. Do not sign or rely on this draft. Engage qualified counsel in your jurisdiction before executing any DPA.

01 · Definitions

Words mean what they usually do.

Capitalized terms used and not otherwise defined in this addendum have the meanings given in the underlying customer agreement between the customer ("Customer") and Web4Guru Co., Ltd. ("Web4Guru"). "Personal Data" has the meaning assigned by applicable data protection law in the jurisdiction in which Customer operates.

For the purposes of this addendum, Customer is the data controller and Web4Guru is the data processor with respect to Personal Data submitted to the Web4Guru service.

02 · Processing

Scope, purpose, duration.

Web4Guru processes Personal Data only on documented instructions from Customer, for the duration of the customer agreement, and for the purposes of providing and improving the service. Web4Guru will not process Personal Data for any other purpose without Customer's prior written instructions.

The categories of data subjects, categories of Personal Data, and processing activities are described in the customer agreement and in our published documentation.

03 · Sub-processors

Disclosed and current.

A current list of approved sub-processors is published at /security. Web4Guru will provide Customer reasonable advance notice of any intended changes to the sub-processor list and will give Customer an opportunity to object on reasonable grounds.

Web4Guru remains responsible for sub-processors' compliance with the obligations described in this addendum.

04 · Security

Technical and organizational measures.

Web4Guru maintains commercially reasonable technical and organizational measures designed to protect Personal Data against unauthorized access, disclosure, alteration, and destruction. A high-level summary is published at /security.

Personnel with access to Personal Data are bound by written confidentiality obligations.

05 · Audits

Reasonable verification on request.

Customer may request, no more than once per calendar year and on reasonable advance notice, a summary of the most recent third-party audit reports relevant to the service (such as SOC 2 reports, when available). Where audit reports are not available or are insufficient, the parties will agree on a reasonable verification approach in good faith.

06 · Breach notification

Without undue delay.

Web4Guru will notify Customer without undue delay after becoming aware of a Personal Data breach affecting Customer's data, and in any event within the period required by applicable law. Notification will include the information reasonably required to allow Customer to meet its own notification obligations.

07 · Data retention

While the agreement is active, plus a wind-down window.

Web4Guru will retain Personal Data for the duration of the customer agreement plus a 30-day wind-down period, during which Customer may export its data. After the wind-down period, Web4Guru will delete Personal Data from primary storage and purge it from backup storage on the next backup rotation, except where retention is required by law.

08 · Termination

Return or delete on request.

Upon termination of the customer agreement, and at Customer's written election, Web4Guru will return or delete all Personal Data in its possession, subject to legal retention requirements and the operational backup rotation described above.

09 · Contact

One inbox for everything DPA-adjacent.

For DPA-related requests, including execution of a counter-signed copy, email privacy@web4guru.com. See also our Privacy Policy.