Last updated 31 May 2026
This summary describes the data-protection commitments that attach to every engagement. The binding DPA is executed alongside your statement of work; this page is an overview, not a substitute.
Roles
On engagements, you are the data controller and obsequi.tech acts as a data processor, processing personal data only on your documented instructions.
Security measures
Encryption in transit and at rest, least-privilege access, secrets management, audit logging, and segregation of client environments. Detailed technical and organisational measures are scheduled to the signed DPA.
Sub-processors
We maintain a current list of sub-processors (e.g. cloud infrastructure providers) and give notice of changes. Sub-processors are bound by equivalent obligations.
Data subject requests
We assist you in responding to access, deletion, and rectification requests, and we build pipelines so those requests are technically feasible by design.
Breach notification
We notify you without undue delay — and within the timeframe set in the DPA — of any personal data breach affecting your data, with the information you need to meet your own notification duties.
Deletion & return
On termination, we return or securely delete your personal data per your instruction, save where retention is legally required.