The Oushvaa DPA is not published as a public document. It is available to verified prospective and active customers under signed NDA.
The Oushvaa Data Processing Addendum (LEG-002) contains specific commitments about sub-processor relationships, cross-border data transfer mechanisms, data retention windows, breach notification timelines, and audit cooperation that are commercially negotiated per customer. Publishing the document publicly would expose negotiation positions and surface contractual detail that has no consumer audience. This is standard practice across enterprise SaaS.
The DPA covers Oushvaa's role as data processor under DPDPA (India), GDPR (EU), UK GDPR, and equivalent regimes in expansion jurisdictions. It addresses purpose limitation, security measures, sub-processor governance, international transfer safeguards, customer audit rights, data subject request handling, and breach notification protocols. The document is reviewed annually and versioned under LEG-002.
Verified prospective customers can request the current DPA under our standard Mutual NDA (LEG-003). The process: contact us, NDA execution (typically same-day), DPA shared within 24 hours, customer security and legal teams review, redlines negotiated as standard.
DPA requests, sub-processor inquiries, or security review questions: legal@oushvaa.com. We respond within 24 hours on business days.
For the public framework underpinning the DPA, see the Trust page.