Data Processing Addendum
Last updated: June 29, 2026
This Data Processing Addendum (“DPA”) applies to enterprise customers who process personal data through HushSafe or other MatrioshkaLabs B2B services.
Roles
Customer is the data controller. MatrioshkaLabs acts as data processor when handling end-user content submitted via Customer's platform through our APIs.
Processing scope
- Content moderation and classification
- Appeal workflow metadata
- Audit logs and transparency reporting
Security measures
Encryption in transit and at rest, access controls, penetration testing, and incident notification within 72 hours of confirmed breaches affecting Customer data.
Sub-processors
We maintain a sub-processor list available on request. Customers receive 30 days notice of material changes.
Data subject requests
We assist Customer in responding to data subject requests within reasonable timelines, consistent with our Privacy Policy.
Execution
Enterprise customers may request a signed DPA via Talk to Sales.
Template DPA. Legal counsel review required before execution.