Data Processing Addendum

Last updated: August 4, 2025

1. Scope and Roles

This Data Processing Addendum ("DPA") is an addendum to the Terms of Service between NexusFlow Inc. ("Processor") and you ("Controller"). This DPA applies to the extent that we process personal data on your behalf in the course of providing the Services. This DPA will be effective and replace any previously applicable data processing and security terms as of the date first signed.

2. Processor's Obligations

As a Data Processor, NexusFlow will:

• Process personal data only on your documented instructions, unless required to do so by applicable law.
• Ensure that our personnel who are authorized to process personal data are subject to binding confidentiality obligations.
• Implement and maintain appropriate technical and organizational security measures to protect the personal data.
• Assist you, the Controller, in fulfilling your obligations to respond to data subjects' requests to exercise their rights.
• Notify you without undue delay after becoming aware of a personal data breach.

3. Sub-processors

You agree that we may use sub-processors to fulfill our contractual obligations under the Terms of Service. We will maintain a list of our sub-processors, and we will notify you of any intended changes concerning the addition or replacement of other sub-processors.