Before FNR AI processes any organizational data on your behalf, we recommend signing a DPA that defines each party's data-processing obligations. Below is the outline of our DPA, the sub-processor list, and a self-serve PDF download.
1. Parties & roles
The agreement is signed between Enortic, Inc. (processor) and the customer organization using FNR AI (controller). The customer is responsible for personal data it submits regarding its staff or end users; FNR AI processes data only on the customer's documented instructions.
2. Categories of personal data
- Account data: name, email, organization, role.
- Project metadata: project names, descriptions, task titles, member assignments.
- Connected content (optional): third-party tool data explicitly connected by the user (Jira, GitHub, Slack, etc.).
- Telemetry: anonymized usage metrics and error reports (can be disabled).
3. Purpose and duration of processing
Data is processed solely to provide, maintain and support the FNR AI service. The processing duration is limited to the customer contract term, with deletion obligation within 30 days of termination.
4. Sub-processors
| Provider | Service | Data center | Purpose |
|---|---|---|---|
| AWS | Cloud infrastructure | Frankfurt, Virginia | Cloud components, backups |
| Cloudflare | CDN, DDoS protection | Global | Network security |
| Stripe | Payment processing | US, EU | Billing |
| OpenAI | AI model | US | User-selected AI features |
| Anthropic | AI model | US | User-selected AI features |
5. Security measures (GDPR Article 32)
- TLS 1.3 in transit; AES-256 at rest.
- Least-privilege access control with 2FA and SSO; all access is logged.
- Annual penetration tests, continuous monitoring, behavioral anomaly detection.
- 72-hour breach notification, backup and disaster recovery plan.
6. International transfers
Transfers outside the EU/EEA rely on Standard Contractual Clauses (SCCs) and appropriate supplementary safeguards. Transfers from Türkiye are assessed under Article 9 of KVKK.
7. Data deletion
Within 30 days of contract termination, all customer data is irreversibly deleted or returned upon request. Records subject to statutory retention are excluded from this window.
8. Request & signature
For a signature-ready PDF, write to legal@enortic.com or download the placeholder PDF. The final agreement is sent for signature after legal review.
Enortic, Inc. — enortic.com