ProtocolRetainerSecure Comms
24/7 Confidential Line
Protocol Addendum 202.C

Data Processing
Agreement.

Last updated: January 17, 2026

This Data Processing Agreement (“DPA”) is an addendum to and forms part of the Web Forensics Lab Terms of Mandate. It governs the clinical processing of Personal Data by The Agency on behalf of The Principal.

1. Framework & Roles

The Parties acknowledge that for any Personal Data processed under this DPA, The Principal acts as the Data Controller and Web Forensics Lab acts as the Data Processor. The Agency will process Personal Data only on behalf of and in accordance with the Principal's documented instructions.

Processor

Web Forensics Lab, LLC (“The Agency”), a New York based investigative entity.

Controller

The entity or individual agreeing to the Terms of Mandate (“The Principal”).

2. Scope of Processing

The Processing involves Personal Data submitted to, stored on, or transmitted through The Agency's cloud infrastructure. This includes search queries, digital identifiers, and forensic artifacts requested for clinical analysis.

  • Nature: Cloud-based forensic search, digital intelligence gathering, and evidentiary storage.
  • Purpose: Provision of investigative services, narrative analysis, and mandate fulfillment.
  • Data Subjects: Individuals identified within digital artifacts or search parameters submitted by The Principal.

3. Authorized Sub-processors

The Principal authorizes The Agency to engage the following clinical infrastructure partners to assist in the processing of data:

Amazon Web Services (AWS)Secure Cloud Infrastructure & Data Residency
Stripe, Inc.Financial Mandate Execution & Transaction Processing
ResendEncrypted Protocol Communication & Transmission
UpstashReal-time Intelligence Caching & Rate Limiting
Google Cloud PlatformAuxiliary Computational Intelligence & Analytics

4. Security Standards

The Agency implements rigorous technical and organizational measures as required by Article 32 of the GDPR:

Zero-Trust Access

Strict role-based access control (RBAC) and multi-factor authentication (MFA) for all Agency personnel.

Clinical Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 standard encryption keys.

Isolation Protocol

Forensic environments are logically isolated, and critical data is air-gapped from irrelevant processing layers.

5. International Transfers

The Agency is based in the United States. All international transfers from the EEA or UK are governed by the Standard Contractual Clauses (SCCs) Module Two (Controller-to-Processor) as approved by the European Commission, ensuring an equivalent level of protection.

6. Data Retention & Deletion

Upon expiration of the mandate or written request by The Principal, The Agency shall securely purge all Personal Data from its production systems. Residual copies in encrypted backups will be purged according to our 30-day clinical rotation cycle.

Jurisdiction: State of New York // Clinical Standard: GDPR Art. 28 Compliant

Web Forensics Lab, LLC handles all intelligence mandates with absolute discretion.