WOS Wontopos WOS
Back to site사이트로
Legal법적 고지
Terms of Service이용약관 Privacy Policy개인정보처리방침 Data Processing (DPA)데이터 처리 계약 Service Level (SLA)서비스 수준 협약 Acceptable Use (AUP)이용 정책

Data Processing Agreement (DPA)

Last Updated: 2026-06-29 Data Processor: Wontopos, L.L.C. ("Processor") Data Controller: The Client entity entering into this agreement ("Controller")


This DPA forms part of and is incorporated into the Terms of Service between the Processor and Controller.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, including storage, retrieval, and deletion.
  • "Client Data" means all data, including Personal Data, submitted to the Service by the Controller.
  • "Sub-processor" means any third party engaged by the Processor to assist in processing Client Data.
  • "Documented Instructions" means the Controller's API calls to the Service together with the Terms of Service and this DPA, which constitute the Controller's instructions to the Processor for purposes of GDPR Article 28. The Controller is responsible for ensuring that its instructions, and the Client Data it submits, comply with applicable law. Documented Instructions do not authorize, and the Processor will not carry out, any processing that would be unlawful.

2. Scope and Purpose of Processing

2.1 The Processor shall process Client Data only:

  • For the purpose of providing the AI memory storage and retrieval Service (WOS)
  • In accordance with the Controller's documented instructions
  • To the extent necessary to perform the Service

2.2 The Processor shall not process Client Data for any other purpose, including but not limited to:

  • AI model training or improvement
  • AI inference or content generation for Wontopos's own purposes
  • Analytics, profiling, or derived insights from Client content
  • Sharing with third parties for commercial purposes
  • Marketing or advertising purposes

3. Data Security

The Processor implements and maintains the following technical and organizational measures:

  • Encryption at rest: AES-256 via a customer-managed AWS KMS key with automatic 90-day rotation, applied to RDS, EBS volumes, and snapshots. EBS default encryption is enabled.
  • Encryption in transit: TLS 1.2+ (Caddy + Let's Encrypt auto-renewal)
  • Access controls: MFA on privileged access; least-privilege IAM. Personnel access to Client Data is prohibited except as specified in Section 4.
  • Infrastructure: AWS us-east-1 (N. Virginia)
  • Threat detection: Amazon GuardDuty enabled, 15-minute finding frequency
  • Audit logs: CloudTrail multi-region trail, 7-year retention in S3 Object Lock (immutable)
  • Vulnerability management: Regular security assessments
  • Breach notification: We notify affected Controllers without undue delay after becoming aware of a personal-data breach, and will provide the information required to support the Controller's own Article 33 obligations. Notification reaches the Controller through the request form on our website at wontopos.com/contact (the designated security channel) and through status.wontopos.com.

4. Personnel Access

4.1 Wontopos personnel do not access, view, or read Client Data in the ordinary course of providing the Service.

4.2 Access may only occur in the following limited circumstances:

  • At the explicit written request of the Controller for technical support
  • As required by applicable law or court order (in which case we will notify the Controller where legally permitted)

4.3 Any personnel with potential access to Client Data are bound by confidentiality obligations.

5. Data Use Limitation

For the Tablet model, WOS performs no LLM inference in the storage or retrieval path: retrieval is embedding-based search and ranking only, and no language model reads, rewrites, or generates over Client Data when it is stored or recalled.

For the Scroll model, WOS additionally uses a large language model provided by one of our LLM sub-processors (Google, Anthropic, or OpenAI) to interpret and reformulate the Controller's query within the retrieval path. Only the Controller's query text — and alternative search queries derived from it — is sent to that provider, solely to improve which memories are retrieved; the stored memories themselves are not sent to that provider. This sub-processor is identified in Section 8.

The Codex model performs reasoning with a Wontopos-operated model on isolated, per-tenant storage kept separate from the shared memory. Any model WOS uses in the retrieval or reasoning path is disclosed in this Agreement, and in the Sub-processors section, before it processes Client Data, and remains bound by the no-training commitment in this Section. In all cases, Wontopos never uses Client Data to train, fine-tune, or improve any model.

For all models, the LLM the Controller uses to read the returned memories (Anthropic, OpenAI, a local model, or any other) runs within the Controller's own stack and is the Controller's own sub-processor; WOS stores and retrieves the memory chunks that this LLM uses.

We explicitly confirm that Client Data is never used for:

  • Model training or fine-tuning of any model on Client Data
  • AI inference or content generation for Wontopos's own purposes
  • Analytics, profiling, or derived insights from Client content
  • Third-party sale or sharing
  • Marketing or advertising purposes

Data flow:

  1. Controller text → embedding sub-processor (vector generation, no Client Data retained) → Wontopos-operated vector database (stored)
  2. Controller query → (Scroll only: query text → LLM sub-processor (Google / Anthropic / OpenAI) → alternative search queries) → embedding sub-processor (query vectors) → Wontopos-operated vector database (top-k search) → returned to the Controller's own LLM stack

6. Data Retention and Deletion

6.1 Client Data is retained for the duration of the Service agreement.

6.2 Inactive Account Deletion: Wontopos may, at its discretion, permanently delete Client Data stored in the Service (including data held in the vector store) where the associated account has had no API activity (no read, write, or search calls) for an extended period. Where Wontopos intends to delete data under this clause, it will use reasonable efforts to provide advance written notice to the account contact through the request form channel on our website, and any API call before the scheduled deletion will preserve the data. This is a discretionary housekeeping practice and not an automated guarantee.

6.3 Upon termination or at the Controller's request:

  • Controller may, where the export path is available, retrieve their Client Data within 30 days of termination
  • Client Data will be permanently deleted within 60 days of termination
  • Deletion will be confirmed in writing upon request
  • Backup copies of Client Data will be purged within the same 60-day window. The S3 Object Lock immutability described in Section 3 applies to CloudTrail audit logs only and does not apply to Client Data or its backups.

6.4 Controller may request deletion of individual data subjects' data at any time via the API or by submitting a request through the form on our website at wontopos.com/contact. We will action confirmed deletion requests without undue delay and, where technically feasible, within 30 days.

7. Data Location

Client Data is stored and processed in:

  • Region: United States, AWS us-east-1 (N. Virginia)
  • Deployment: Single region (us-east-1) and currently single Availability Zone. Backups are retained within the same us-east-1 region. The current deployment does not provide multi-AZ resilience.

Data is processed and stored solely within the us-east-1 region. We will not transfer Client Data to other regions without prior written consent from the Controller.

8. Sub-processors

8.1 Current sub-processors:

Sub-processor Purpose Data Processed Location
Amazon Web Services (EC2, RDS, EBS, KMS, S3) Compute, database, storage, encryption key management All Client Data (encrypted) us-east-1
Embedding & reranking provider Vector generation and reranking Text to vectors only; no data retained by vendor United States
LLM provider (one of: Google, Anthropic, OpenAI) Query interpretation and reformulation for the Scroll model Controller query text only (not stored memories) United States
Let's Encrypt (ISRG) TLS certificate issuance Domain name only United States
PostHog Anonymized product analytics (opt-out supported) Anonymized usage metrics only EU/US

Note: For the Tablet model, WOS calls no LLM in the storage or retrieval path. For the Scroll model, WOS uses one of its LLM sub-processors (Google, Anthropic, or OpenAI) to interpret and reformulate the Controller's query, as listed above. In all tiers, the LLM the Controller uses to read the returned memories (e.g., Anthropic, OpenAI) is the Controller's own sub-processor, not Wontopos's.

Vendor identities: The specific identity of the embedding and reranking provider, and of the vector-storage infrastructure, is treated as Wontopos confidential information (the Scroll query-reformulation LLM is named above). To satisfy GDPR Article 28 transparency, Wontopos will disclose the specific identity of any such confidential sub-processor to a Controller on request under NDA, including before contracting, while protecting Wontopos's proprietary architecture.

8.2 We will notify Controllers at least 30 days before adding new sub-processors. Controllers may object to a new sub-processor within 14 days of receiving notification. If a Controller objects and Wontopos cannot reasonably accommodate the objection, the Controller may terminate the affected Service and receive a pro-rata refund of any prepaid, unused balance attributable to that Service. If no objection is received within 14 days, the addition is deemed accepted.

8.3 All sub-processors are contractually bound to data protection obligations equivalent to those set out in this DPA, as required by GDPR Article 28(4). The Processor remains fully liable to the Controller for the performance of the sub-processor's obligations.

9. Data Subject Rights

9.1 We will assist the Controller in responding to data subject requests (access, correction, deletion, portability) within the timeframes required by applicable law, including within 10 days under PIPA (개인정보보호법 Articles 35–37).

9.2 Controllers are responsible for responding to their end users' rights requests.

10. Compliance

10.1 We are committed to compliance with applicable data protection laws, including:

  • CCPA (California Consumer Privacy Act)
  • PIPA (대한민국 개인정보보호법)

10.2 International data transfers: Client Data is stored and processed in AWS us-east-1 (United States). The Service is not offered to data subjects in the EU/EEA or the United Kingdom, so no EU/UK personal-data transfer mechanism (such as the Standard Contractual Clauses) is required. For Controllers subject to PIPA, transfers comply with the international-transfer provisions of the 개인정보보호법.

10.3 Security certifications: Our infrastructure runs on AWS, which maintains SOC 2 Type II, ISO 27001, and PCI DSS certifications; these are available to customers directly from AWS under AWS's terms (AWS Artifact). Wontopos itself is not separately certified yet (a SOC 2 Type II audit is planned).

11. Audit Rights

Annual compliance confirmation is provided by written attestation, once per year, at no cost to the Controller. Requests should be submitted with reasonable advance notice. If a Controller requires an on-site audit or a third-party audit, such audits may be arranged with reasonable notice and are conducted at the Controller's expense.

12. Additional Processor Obligations

12.1 DPIA and prior consultation (Art. 28(3)(f)): Taking into account the nature of the processing and the information available to the Processor, the Processor will provide reasonable assistance to the Controller with data protection impact assessments and any prior consultation with a supervisory authority.

12.2 Return or deletion on termination (Art. 28(3)(g)): At the Controller's election, the Processor will return or delete all Client Data after the end of the provision of the Service, and delete existing copies, unless retention is required by applicable law. Where no election is made, the deletion process in Section 6.3 applies.

12.3 Unlawful instructions (Art. 28(3)(h)): The Processor will inform the Controller if, in its opinion, an instruction infringes applicable data-protection law. The Processor may suspend the affected processing until the instruction is confirmed, amended, or withdrawn.

12.4 CCPA Service Provider: With respect to personal information subject to the CCPA, the Processor acts as a "Service Provider." The Processor does not sell or share Client personal information, and processes it only to provide the Service on the Controller's behalf and for no other commercial purpose.

12.5 Governing law and forum: This DPA is governed by the laws of the State of Delaware, without regard to its conflict-of-laws rules, and the parties submit to the courts having jurisdiction there, in each case subject to any governing-law or forum terms in the Terms of Service.

13. Contact for Data Matters

Data protection inquiries, including those directed to the Processor's data protection point of contact, should be submitted through the request form on our website at wontopos.com/contact.

Where a registered agent address is legally useful, the Processor's registered agent address is on file for Wontopos, L.L.C. and is provided on request through the same channel. The Processor's authorized representative for this DPA is Wontopos, L.L.C. or its authorized representative.

← Previous이전 Privacy Policy개인정보처리방침 Next다음 → Service Level (SLA)서비스 수준 협약
WOSWontoposWOS
Won + Topos - one place where memory lives.
Product
Why WOS Benchmark Pricing For agents
Developers
Docs API SDKs
Legal
Terms of Service Privacy Policy Data Processing (DPA) SLA Acceptable Use
Start
Get API key Contact Self-host