Legal
Data Processing Agreement
Last updated 10 May 2026
This Data Processing Agreement ("DPA") forms part of the agreement between BrainBoxIT Limited (trading as Filovera; the "processor") — a company registered in England and Wales (company number 11703272) with registered office at 6 Range Green, Portsmouth, PO2 8RE, United Kingdom — and the customer (the "controller") for the provision of the Filovera platform.
It reflects the requirements of the UK GDPR, the EU GDPR (where applicable), and the UK Data Protection Act 2018.
1. Roles
The customer is the data controller for any personal data processed within their tenant. BrainBoxIT Limited (trading as Filovera) is the data processor and will only process personal data on the customer's documented instructions.
2. Subject matter and duration
- Subject matter: provision of the Filovera inspection, compliance, and maintenance platform.
- Duration: the term of the underlying agreement, plus a 30-day grace period for data export, after which all customer data is permanently deleted.
- Categories of data subjects: customer's employees, contractors, and (where the customer chooses) end-customers, tenants, or visitors interacting with assets.
- Categories of personal data: name, email, role, IP address, photographs taken during inspections, digital signatures.
3. Sub-processors
The customer authorises Filovera to engage the sub-processors listed at filovera.com/legal/subprocessors (or filovera.co.uk/legal/subprocessors for UK customers). That page is the canonical, version-controlled register and is the document referred to throughout this DPA. The summary below is provided as a snapshot at the date of this DPA — the canonical register at the URL above takes precedence in case of any inconsistency.
We provide 30 days' prior notice of any addition or replacement of a sub-processor, by email to the controller's TenantAdmin contacts. The controller may object on reasonable grounds during that window; if we cannot accommodate the objection, the controller may terminate the affected service without penalty.
Snapshot at the date of this DPA:
| Sub-processor | Purpose | Region |
|---|---|---|
| Microsoft Azure | Hosting, storage, identity (Azure SQL, Blob Storage, App Service) | UK |
| Microsoft Entra External ID | Customer authentication / SSO (CIAM) | UK / EU |
| Microsoft Entra ID | Platform-admin authentication / SSO | UK / EU |
| Microsoft Graph | Transactional and notification email via Microsoft 365 | UK / EU |
| Azure AI Vision | Inspection photo quality gate (opt-in AI feature) | UK |
| Azure AI Document Intelligence | Certificate text extraction (opt-in AI feature) | UK |
| Azure OpenAI Service | Natural-language asset search (opt-in AI feature). Microsoft abuse-monitoring opt-out applied; no data used to train models. | UK |
| Azure AI Speech | Voice-to-text on inspection notes (opt-in AI feature) | UK |
| Cloudflare, Inc. | DNS, edge proxy, Turnstile bot-protection on the public fault-report form | EU / US |
| Plausible Analytics | Marketing-site analytics ONLY (the in-app dashboard does not run Plausible) | EU |
| Stripe, Inc. | Payment processing (PCI-DSS Level 1). Live for all paying customers. | US / EU |
Customer-controlled outbound integrations
Some platform features let the controller authorise an outbound flow of data to a third-party system the controller has its own contractual relationship with — for example, the Xero accounting integration lets a TenantAdmin connect their Xero organisation so that issued invoices are pushed to Xero on send. These outbound flows are not Filovera sub-processors:
- Filovera acts only as a conduit, transmitting data to the third party under tokens held on behalf of the controller.
- The controller's relationship with the third party (Xero in this example) is governed by the controller's separate contract and privacy notice with that third party.
- The controller can disconnect the integration at any time in the Filovera dashboard, after which no further outbound calls are made.
4. Security measures
Filovera implements appropriate technical and organisational measures, including:
- TLS 1.2+ in transit. Encryption at rest: AES-256 with Azure-managed keys. Customer-managed keys may be configured for bespoke Enterprise engagements.
- Multi-tenant logical isolation enforced at every database query via per-row tenant filtering, audited centrally.
- Microsoft Entra-based identity on every account: MFA is enforced on every sign-in by Conditional Access on the Filovera identity tenant. Bring-your-own Microsoft Entra ID SSO via OIDC + PKCE is available on Professional and Enterprise; the customer's own Conditional Access policies layer on top of the always-on Filovera MFA.
- Role-based access control and an immutable audit log of all admin and inspector actions.
- Internal multi-agent security review run at least quarterly and after any material architecture change; internal review reports are available to Enterprise customers under NDA. Commissioning an independent external penetration test is on the post-GA roadmap.
- Incident response process with notification to controllers within 72 hours of becoming aware of a breach affecting their data.
5. International transfers
Customer data is hosted in Microsoft Azure (UK) and is not replicated outside the UK without the controller's written consent. Where corporate functions require transfers (e.g. transactional email), they are governed by the UK International Data Transfer Agreement and/or the EU Standard Contractual Clauses, as applicable.
6. Data subject rights
Filovera provides controllers with self-service tools to handle access, rectification, restriction, portability, and erasure requests within their tenant. Where the controller cannot fulfil a request via the platform, Filovera will assist on request.
7. Audit
Once per 12 months, on 30 days' notice and at the controller's cost, the controller may audit Filovera's compliance with this DPA, subject to confidentiality. Filovera will share its trust packet (penetration test summary, architecture diagrams, sub-processor list) under NDA in lieu of an on-site audit where the controller agrees.
8. Return and deletion
On termination, the controller may export their data within 30 days. After 30 days, Filovera will delete all customer data. Backups: Azure Postgres Flexible Server point-in-time-restore window of 7 days plus geo-redundant backup to Azure UK West; deleted permanently after the PITR window expires. Filovera will provide written confirmation of deletion on request.
Contact
DPO / data protection contact: privacy@filovera.com.
Postal correspondence: BrainBoxIT Limited, 6 Range Green, Portsmouth, PO2 8RE, United Kingdom (mark for the attention of "Filovera — Data Protection").
This document was last updated on 10 May 2026.
This document reflects current Filovera processing. Final wording is under review by our DPO and external counsel; material changes will be re-published here with a version note.