Flash NarrativeFLASHNARRATIVE

Legal

Data Processing Agreement

Effective May 7, 2025  ·  VHM Corp  ·  Flash Narrative

Enterprise Shield

This Data Processing Agreement forms part of the contract between VHM Corp and enterprise clients. It governs the processing of personal data carried out by VHM Corp as Data Processor on behalf of the Client as Data Controller.

3.1

Roles and Responsibilities

For the purposes of this Agreement, the Client acts as the Data Controller, determining the purposes and means of processing — specifically, deciding which brands, competitors, and entities to monitor. VHM Corp acts as the Data Processor, executing monitoring, analysis, and reporting activities strictly in accordance with the Client's documented instructions.

3.2

Compliance with NDPA

VHM Corp warrants that all personal data processed under this Agreement will be handled in full compliance with the Nigeria Data Protection Act 2023. VHM Corp will process data only on documented instructions from the Client, and will not transfer personal data to a third country without appropriate safeguards in place.

3.3

Security Measures

VHM Corp shall implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including but not limited to:

  • Multi-factor Authentication

    All administrative access to platform infrastructure and client data requires multi-factor authentication.

  • Vulnerability Management

    Regular vulnerability scanning and penetration testing of the FastAPI backend and supporting infrastructure.

  • Multi-tenant Isolation

    Strict data segregation ensures that no client can access, view, or influence the analysis or data belonging to another client.

3.4

Breach Notification

In the event of a suspected or confirmed personal data breach, VHM Corp will notify the Client without undue delay and in any event within 72 hours of becoming aware of the breach. Notification will include a description of the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.

3.5

Data Deletion

Upon termination or expiry of the Client's agreement with VHM Corp, all Client-specific data — including branding assets, saved reports, user accounts, and associated configurations — will be securely deleted or returned to the Client within 30 days of the termination date, unless VHM Corp is required by applicable law to retain such data for a longer period.