Data Processing Addendum
- Effective:
- 25 June 2026
- Version:
- 1.0 (draft)
When you use the regulation10.ae platform at https://app.regulation10.ae, you (the customer) are the Controller of the personal data you bring into scope and Exec X AI Ltd (DIFC 10474) acts as your Processor. This Addendum summarises the written processing terms we enter into under DPL Art. 24. It forms part of the Master Subscription Agreement; the executed DPA prevails over this summary.
1. Roles and scope
We process customer personal data only to provide the platform and only on your documented instructions (the Agreement, the product configuration, and your in-app actions), unless a DPL or other applicable law requires otherwise — in which case we tell you first unless legally prohibited.
2. Our processor obligations (DPL Art. 24)
- process only on documented instructions, and only for the agreed purposes;
- ensure personnel are bound by confidentiality;
- apply the technical and organisational security measures required by DPL Art. 14;
- engage sub-processors only under written terms no less protective than this Addendum, and maintain the current list on our sub-processors page (with prior notice of changes and a right to object);
- assist you with data-subject requests and with your DPL accountability duties;
- notify you of a personal-data breach without undue delay and support your notification duties to the DIFC Commissioner;
- on termination, delete or return customer personal data, save where retention is legally required (immutable WORM audit records are retained for their lawful period).
3. Residency and international transfers
Regulated customer data is hosted in Azure UAE North (in-country compute, including AI inference). UAE North sits outside the DIFC and is not, at the date of this Addendum, on the DIFC adequacy list, so transfers rely on the DIFC Standard Contractual Clauses (DPL Art. 27) supported by a transfer impact assessment. Per-provider transfer mechanisms are listed on our sub-processors page. We do not market UAE North as "DIFC adequate".
4. Audit and assistance
We make available the information needed to demonstrate compliance with DPL Art. 24 and allow for and contribute to audits, including via the platform's read-only auditor evidence room and signed evidence packs.
5. Requesting the executed DPA
To execute the full Addendum (including the DIFC SCC modules) for your organisation, email privacy@regulation10.ae.