Data Processing Addendum (DPA)

Incorporated into the MSA by reference: https://nightshield.ai/dpa

1) Roles & Scope

Customer is Controller; NightShield is Processor for Clips, thumbnails, incident metadata, camera labels, and alert recipient details.

2) Purpose & Nature

Provide incident detection, alerts, dashboards, and support; monitor camera health; generate and retain short Clips per Order Form.

3) Duration

For the term of the Order and any deletion window thereafter.

4) Processing Instructions

NightShield processes Personal Data only on documented instructions (MSA, Order Form, and Customer dashboard settings).

5) Confidentiality

NightShield ensures personnel are bound by confidentiality.

6) Security (TOMs)

Encryption in transit/at rest; access control & MFA; least-privilege; logging/monitoring; vulnerability management; backups & DR; secure development; vendor due diligence; annual external pentest (summary available under NDA).

7) Sub-processors

Listed at /subprocessors. NightShield will notify changes and provide an objection window of 10 days. If Customer reasonably objects, the parties will discuss in good faith; if unresolved, Customer may terminate the impacted Services (pro-rata refund of unused fees).

8) International Transfers

Where applicable, NightShield uses UK IDTA / EU SCCs and supplementary measures for third-country transfers.

9) Assistance

NightShield assists Customer with DPIAs, data subject requests, and regulatory enquiries within reasonable efforts and timelines.

10) Breach Notification

NightShield will notify Customer without undue delay after becoming aware of a Personal Data Breach and share relevant details as known.

11) Deletion/Return

At termination or on written request, NightShield will delete or return Personal Data. Default Clip retention per Order Form (e.g., 24–72h) unless Customer requests a longer period in writing for investigations.

12) Audit

On request, NightShield will provide security/pentest summaries and relevant policy extracts. One audit per year on 30 days' notice, during business hours, limited to controls relevant to the Services; Customer bears costs.

13) Training Data (Optional)

If Customer does not tick the Opt-Out box on the Order Form, NightShield may use de-identified Clips and derived features to improve models. No attempt will be made to re-identify individuals.

14) Liability

DPA liability is subject to the MSA's liability clause and carve-outs.

Related Documents

This DPA is incorporated by reference into the Master Service Agreement (MSA).

For information about our subprocessors, please visit /subprocessors.

Contact Us

If you have any questions about this Data Processing Addendum, please contact us at legal@nightshield.ai

For privacy-related inquiries, please contact privacy@nightshield.ai