Data Processing Agreement (DPA)

Effective Date: April 15, 2026

This Data Processing Agreement ("DPA") supplements the Terms of Service. It forms a legally binding contract between Tarquin Barnsby trading as AgencySoftware.io ("Processor") and the Fostering Agency or registered B2B user ("Controller"). It satisfies the requirements of Article 28 of the UK General Data Protection Regulation (UK GDPR).

1. Roles and Scope

  • Controller: The Fostering Agency or B2B client who dictates the purpose and means of processing.
  • Processor: FosterFlow (AgencySoftware.io), acting strictly on the Controller's instructions to provide software infrastructure.
  • Scope: The processing of Special Category Data (child health/welfare records, audio logs, reports) generated by carers affiliated with the Controller.

2. Processing Instructions

The Processor shall treat Personal Data and Special Category Data as Confidential Information. The Processor will only process Data to provide, secure, and maintain the FosterFlow platform, and will not use it for its own purposes, for marketing, or for training independent AI foundation models.

3. Sub-Processors

The Controller authorizes the Processor to engage the following sub-processors. The Processor remains fully liable for the performance of its sub-processors:

Sub-Processor     Purpose                     Location   Safeguards
Supabase          Primary Database            US / EU    SCCs, Encryption at Rest
Clerk             Authentication & Identity   US         SCCs, SOC 2 Type II
Cloudflare R2     Audio & Object Storage      Global     SCCs, Encrypted Buckets
Google (Gemini)   AI Transcription/Drafts     Global     Zero-Training Enterprise API
Stripe            Payment Processing          US / UK    PCI-DSS L1, SCCs

4. Tenant Security & Isolation

The Processor implements strict Row Level Security (RLS) policies ensuring logical tenant separation. Information cannot be queried across Agency boundaries. All data in transit is encrypted using strictly enforced TLS.

5. Data Breach Notification

In the event of a confirmed Personal Data Breach, the Processor shall notify the Controller without undue delay, and in any event within 72 hours of becoming aware of the breach. The Processor will assist the Controller in its obligations to notify the ICO.

6. Deletion and Return of Data (91-Day Lifecycle & Archive Tier)

Upon termination or failure to renew the Controller's subscription:

  • 30-Day Read-Only Grace Period: Carer logs and agency files are immediately locked against new additions, but remain accessible for offline export/downloads.
  • Day 91 System Purge: On the 91st day following cancellation, all child data, logs, incidents, reports, and medication histories are permanently deleted from active databases.
  • Safeguarding & LADO Freeze Override: If a child record is flagged with a Safeguarding Active Freeze (due to an active Local Authority Designated Officer or child protection investigation), all automated retention purge rules are bypassed, locking the data in place indefinitely.
  • Archive Tier: Fostering agencies can transition to the Archive/Compliance Tier to preserve secure, read-only Ofsted-ready access to historical records without active write access.
  • Ofsted Daily Locking Guideline: To enforce data integrity required under Ofsted National Minimum Standards, daily log entries are frozen and cryptographically sealed (SHA-256) within 24 hours of creation, preventing subsequent edits or retroactive amendments.

7. Data Subject Rights Assistance

The Processor provides automated export tools (e.g., the 1-Click DSAR Vault) allowing the Controller to fulfil Data Subject Access Requests (DSARs) independently. If direct technical assistance is required, the Processor will provide it within a commercially reasonable timeframe.

8. Governing Law

This DPA is governed by the laws of England and Wales and the exclusive jurisdiction of the English courts.