ReadinessOS policy framework

Data Processing Agreement (DPA)

Public ReadinessOS policy document for governance, transparency and operational trust.

Document status

Version: 1.0
Source: 31_data_processing_agreement_dpa.md
Format: Markdown

READINESSOS

Policy: Data Processing Agreement (DPA)

Version: 1.0

Effective Date: 06/06/2026

Last Updated: 06/06/2026

Contact: ReadinessOS@proton.me


1. Document Purpose

This Data Processing Agreement (DPA) establishes the principles governing the processing of personal information by ReadinessOS when acting as a service provider for professional users, vessel operators, fleet organizations, and enterprise customers.

The objective of this agreement is to define responsibilities relating to data processing, security, confidentiality, international transfers, subprocessors, and user rights in accordance with applicable privacy legislation.

This DPA supplements, and should be read together with, the ReadinessOS Privacy Policy.


2. Scope

This agreement applies to:

  • Professional user accounts
  • Vessel accounts
  • Future fleet accounts
  • Enterprise customers
  • Readiness Passport records
  • Professional profiles
  • Identity verification
  • Document verification
  • API integrations
  • AI-assisted services
  • Future marketplace services

3. Definitions

For the purposes of this agreement:

Personal Data means information relating to an identified or identifiable individual.

Processing means any operation performed on personal data including collection, storage, organization, analysis, transmission, modification, or deletion.

Controller means the party determining the purposes and means of processing personal data.

Processor means the party processing personal data on behalf of a Controller.

Subprocessor means an authorized third party engaged to assist with processing activities.


4. Processing Roles

Depending upon the specific platform functionality used, ReadinessOS may operate as:

  • Data Controller
  • Data Processor
  • Joint Controller where applicable under law

Enterprise customers remain responsible for determining whether they act as Controllers for their own organizational data.


5. Categories of Data Processed

ReadinessOS may process:

Identity Data

  • Name
  • Email
  • Professional identity
  • ReadinessOS Identity
  • Authentication records

Professional Data

  • Career history
  • Vessel history
  • Position history
  • Badges
  • Readiness participation
  • Career Timeline

Vessel Data

  • Vessel profiles
  • Crew assignments
  • Drill records
  • Observations
  • Corrective actions
  • Scenario participation

Technical Data

  • Device information
  • Login history
  • Authentication logs
  • IP information where appropriate
  • Session information

Additional categories may be processed as platform functionality evolves.


6. Purpose of Processing

Personal data may be processed for purposes including:

  • User authentication
  • Platform operation
  • Professional profile management
  • Vessel management
  • Fleet management
  • Readiness tracking
  • Identity verification
  • Document verification
  • AI-assisted features
  • Customer support
  • Fraud prevention
  • Platform security
  • Legal compliance

Processing shall remain limited to legitimate platform purposes.


7. Confidentiality

ReadinessOS shall implement reasonable measures to protect confidential information from unauthorized access, disclosure, alteration, or misuse.

Personnel with access to personal data shall be subject to appropriate confidentiality obligations.


8. Security Measures

ReadinessOS implements reasonable technical and organizational safeguards including:

  • Encryption in transit
  • Authentication controls
  • Access control policies
  • Role-based permissions
  • Audit logging
  • Backup procedures
  • Infrastructure security
  • Monitoring systems

Security measures may evolve as technology and industry standards improve.


9. International Transfers

Personal information may be processed in jurisdictions outside the user's country of residence.

Where international transfers occur, ReadinessOS will implement reasonable safeguards consistent with applicable privacy legislation.

Users acknowledge that cloud infrastructure may involve cross-border processing.


10. Subprocessors

ReadinessOS may engage authorized subprocessors to assist with:

  • Cloud infrastructure
  • Authentication
  • Email delivery
  • AI processing
  • Payment processing
  • Analytics
  • Customer support
  • API services

Subprocessors shall be selected using reasonable commercial standards.

Subprocessor relationships remain subject to confidentiality and security obligations.


11. User Rights

Subject to applicable law, users may request:

  • Access to personal data
  • Correction of inaccurate data
  • Export of eligible data
  • Deletion of eligible data
  • Restriction of processing
  • Withdrawal of consent where applicable

Certain requests may require identity verification prior to processing.


12. Retention

Personal information shall be retained only as long as reasonably necessary for:

  • Platform operation
  • Historical continuity
  • Fraud prevention
  • Security investigations
  • Legal obligations
  • Platform integrity
  • Disaster recovery

Retention periods are further described in the Data Retention and Deletion Policy.


13. Data Breach Management

Where personal information is affected by a security incident, ReadinessOS may:

  • Investigate the incident
  • Isolate affected systems
  • Preserve audit records
  • Notify affected users where appropriate
  • Cooperate with authorities where required by law
  • Implement corrective measures

Notification obligations remain subject to applicable legislation.


14. AI Processing

Artificial intelligence services may process platform information to generate:

  • Readiness summaries
  • Educational content
  • Scenario recommendations
  • Professional summaries
  • Analytics
  • Operational insights

AI processing remains subject to the Privacy Policy and AI Usage & Responsible AI Policy.

AI outputs remain informational only.


15. Data Deletion

Users may request deletion of eligible personal information where permitted by law.

ReadinessOS may retain certain information where necessary for:

  • Fraud prevention
  • Legal obligations
  • Platform security
  • Historical audit records
  • Backup systems
  • Identity verification history

Deletion requests remain subject to applicable platform policies.


16. Enterprise Customers

Enterprise customers may execute separate contractual Data Processing Agreements where required.

Where such agreements exist, those agreements supersede this policy to the extent expressly provided.


17. Relationship to Other Policies

This agreement should be interpreted together with:

  • Terms of Service
  • Privacy Policy
  • Platform Security Policy
  • Data Ownership Policy
  • Data Retention and Deletion Policy
  • AI Usage & Responsible AI Policy
  • API & Third-Party Integration Policy

Where conflicts exist regarding personal information processing, the Privacy Policy shall govern unless superseded by a separate executed enterprise agreement.


18. Policy Updates

ReadinessOS may revise this agreement as platform architecture, privacy legislation, AI capabilities, enterprise services, or international processing requirements evolve.

Updated versions become effective upon publication unless otherwise specified.


19. Revision History

Version   Date         Description
1.0       06/06/2026   Initial production release

END OF DOCUMENT