molecule-dev-app

Data Processing Addendum

The DPA that will apply to processing of personal data once finalized.

Last updated: DRAFT

DRAFT — not legal advice, not yet binding

This document is a non-binding draft shell pending review by legal counsel. The section headers below are placeholders; the body text has not been written and nothing here creates any obligation. Do not rely on this document.

1.Roles of the Parties

[Pending legal review — counsel to complete]

2.Processing Scope

[Pending legal review — counsel to complete]

3.Sub-processors

Scope note for counsel (non-binding): this section will list authorized sub-processors (AI providers, Stripe, hosting) and the change-notification process.

[Pending legal review — counsel to complete]

4.Security Measures

[Pending legal review — counsel to complete]

5.Data Subject Requests

[Pending legal review — counsel to complete]

6.Breach Notification

[Pending legal review — counsel to complete]

7.HIPAA / BAA Note

Scope note for counsel (non-binding): for apps that process PHI, brokered mode makes molecule a business associate, gated by a BAA chain (see docs/BAAS.md §7). PHI-carrying apps either stay on BYO (no molecule-as-processor) or require the BAA chain before broker is enabled — an explicit per-app posture toggle.

[Pending legal review — counsel to complete]

8.International Transfers

[Pending legal review — counsel to complete]

9.Contact

[Pending legal review — counsel to complete]

This is placeholder text in a draft document and is not legal advice. Final terms will be provided after legal review.