KSA PDPL Compliance Pack

Data Processing Agreement (DPA)

Legal contract governing controller-processor duties and security mandates

1. Parties and Structural Definitions

This agreement defines the security and processing relationship between the enterprise client (Data Controller) and BrightAI (Data Processor). It forms an indivisible and binding part of the primary Master Subscription Agreement.

2. Scope of Processing and Guidelines

The Processor commits to acting solely under the written instructions of the Data Controller. The processing scope is strictly confined to providing AI Firewall inspection, governance auditing, and compiling Evidence Files, without using client data for proprietary AI training.

3. Security Safeguards and Breach Notification

The Processor deploys rigorous technical and operational safeguards aligned with NCA ECC and ISO 27001 certifications. In the event of a detected security incident, the Processor will notify the Controller within 72 hours, delivering a forensic report and Evidence File to assist containment.