Nuri/Trust Center
Sign in

Data Processing Agreement

Last updated: March 10, 2026

What Is a DPA?

A Data Processing Agreement (DPA) is a legally binding contract between a data controller (you) and a data processor (us) that governs how personal data is handled. Under GDPR Article 28, a DPA is required whenever a controller engages a processor to handle personal data on their behalf. Enterprise customers and organizations subject to GDPR, CCPA, or similar regulations typically require a signed DPA before using cloud-based services like Nuri.

Key Terms

Our DPA covers the following commitments from DeWitt Strategic Advisors, LLC ("DeWitt Labs") as your data processor:

  • Processing on your instructions. We process personal data only in accordance with your documented instructions. We do not sell, share, or use your data for our own purposes beyond providing the Nuri service.
  • Security measures. We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular security reviews.
  • Breach notification. In the event of a personal data breach, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach, providing all information required under GDPR Article 33.
  • Sub-processor management. We maintain a list of sub-processors and will notify you before engaging any new sub-processor, giving you the opportunity to object.
  • Audit support. We will make available all information necessary to demonstrate compliance with our obligations and allow for and contribute to audits and inspections conducted by you or an auditor you mandate.
  • Data deletion. Upon termination of the service agreement, we will delete or return all personal data at your choice, and delete existing copies unless retention is required by applicable law.
  • Data subject rights. We will assist you in responding to data subject requests (access, rectification, erasure, portability, restriction, and objection) through appropriate technical and organizational measures.

Incorporated Terms

The full data processing terms are incorporated by reference from our Privacy Policy and Terms of Service. These documents describe in detail how we collect, use, store, and protect data in connection with the Nuri service.

Request a Signed DPA

If your organization requires a signed Data Processing Agreement, please contact us at privacy@dewitt.us. Include your organization name, primary contact, and any specific requirements or addenda you need addressed. We aim to return a signed DPA within 5 business days.