Trust & security

Easy to approve.
Built for regulated buyers.

The real buyer isn't the marketer — it's the person who signs. Everything your compliance and procurement team checks before a vendor is approved is ready from day one.

Vendor pack

Ready for due diligence.

The documents and controls a regulated buyer expects — prepared in advance, not scrambled together after a deal is on the table.

DPA & DORA addendumImmutable audit logEU AI Act-readyBrand-level isolationSub-processors disclosed
Checklist
Data Processing Agreement + DORA addendum
Append-only, immutable audit log
AI-content disclosure (EU AI Act)
Brand-level data isolation
Sub-processors fully disclosed

How your data is handled

Contwave acts as your processor — on your instructions, for your purposes only.

Processor, not owner

For your leads and audiences, you are the controller (GDPR Art. 28). We process on documented instructions.

No AI-training on your data

Your data is never used to train or improve models — enforced down the sub-processor chain.

Disclosed sub-processors

The full sub-processor list and their regions are documented and available on request.

The documents

Read them in the open — before you ever talk to sales.

Terms & ConditionsService, obligations, liability, governing law.
Privacy PolicyHow we process data as controller, GDPR rights.
Data Processing AgreementArticle 28 processing terms, no AI-training.
DORA ICT AddendumArticle 30(2) provisions for financial entities.
These are current working documents (v0.1), prepared in-house and pending final review by qualified counsel — provided for transparency and procurement review.

Need something for your vendor review?

A signed DPA, the sub-processor list, or a security questionnaire — just ask.

Contact us