Service agreement draft · Noindex

Pilot-terms drafting outline—not an offer or agreement.

The contracting entity, service scope, reviewer capacity, DPA, security schedule, refund position, liability terms and governing law are unresolved. Applying for a pilot or viewing this page creates no contract and authorises no personal-data processing.

No pilot has been purchased or accepted through this page. No payment should be taken and no customer request data should be transferred until both parties sign reviewed documents that identify the contracting entities, exact service, data handling, security responsibilities, price, cancellation or refund terms and authorised reviewers.

Acceptance gate

Documents required before a live pilot.

  • a signed order form or statement of work with verified legal entities and authorised signatories;
  • professionally reviewed service terms covering the agreed pilot;
  • a GDPR data processing agreement with instructions, roles and Article 28 terms where applicable;
  • a security schedule describing the actual architecture, access method and controls;
  • a verified subprocessor and transfer schedule;
  • a retention and deletion schedule for case data, working copies, identity evidence and logs;
  • an incident-response and notification procedure;
  • written confirmation of human-review responsibility and capacity; and
  • scope acceptance before any fee is charged or live personal data is accessed.

Service promise gate: “review-ready within 24 hours” may appear in an executed scope only when required access, source coverage, reviewer availability, start conditions and exceptions are defined and Trace can genuinely deliver it.

Drafting module 01

Commercial scope and acceptance.

Define the purchased outcome

The order form should state whether the pilot covers one test request or an accepted live request, the request type, legal entities, products, up to which sources, expected output, delivery route and authorised reviewer. “DSAR automation” is not a sufficiently specific deliverable.

Set explicit start conditions

The service clock should begin only after the named conditions are satisfied: signed documents, confirmed scope, operational capacity, approved access, usable identifiers, customer contacts and any required identity decision.

Define acceptance and open exceptions

State how the customer reviews the pack, when a retrieval gap requires rework, what is outside scope and how unresolved legal or technical questions are handed back.

Price, invoicing and refund or cancellation

The public €1,500 concierge-pilot price is a hypothesis, not an invoice. Executed documents must state the exact fee, taxes, payment timing, cancellation right, non-delivery remedy, refund position and whether any later annual credit is discretionary or binding.

Drafting module 02

Data protection and source access.

Roles and documented instructions

The parties must determine their actual GDPR roles from the processing. If Trace acts as a processor, the DPA must capture the controller’s documented instructions, confidentiality, security, subprocessors, assistance, deletion or return, audit information and other applicable Article 28 requirements.

Least-privilege retrieval

The source schedule should list each approved project or account, retrieval method, permission, credential owner, expiry, revocation step and customer validator. Broad production access must not be implied by accepting general service terms.

Special-category and high-risk data

The order form should say whether such data is excluded, requires enhanced controls or makes the case ineligible. The pilot application itself must not invite sensitive case data.

Retention, return and deletion

Set separate rules for source credentials, raw exports, normalised working files, identity-verification evidence, response packs, event logs and backups. State what is returned, what is deleted, what evidence of deletion is provided and any lawful exception.

Drafting module 03

Human review and responsibility.

The agreement must identify who makes case-specific decisions. “Human in the loop” is not enough unless the person, authority and availability are clear.

TRACE

Operational preparation

Agreed retrieval, source inventory, normalisation, response draft, exception flags and event record.

CUSTOMER

Controller instructions

Scope, identity decision, source validation, retention instructions, reviewer appointment and final response.

REVIEWER

Case-specific judgement

Third-party information, applicable limitations, legal positions, disclosure approval and response wording.

ESCALATION

Open questions

When Trace pauses, who responds, what happens to the target and which cases must be declined.

NO CLAIM

No autonomous legal decision

No generated output becomes final merely because the workflow marks a pack ready for review.

CAPACITY

Availability confirmed

Reviewer qualifications, working hours and hand-off timing must be real, not assumed in marketing.

Drafting modules 04–06

Security, confidentiality and legal risk allocation.

Security schedule

Describe only verified controls: authentication, reviewer access, secret storage, encryption, tenant separation, event logging, secure delivery, vulnerability handling, incident response and customer revocation. Do not insert unverified certifications or hosting claims.

Confidentiality and personnel

Define who may access customer materials, binding confidentiality obligations, training or qualification requirements and the approval process for external reviewers.

Incident notification

Set detection, containment, evidence preservation, customer contact, information content and timing appropriate to the parties’ roles and applicable law.

Intellectual property and outputs

Address customer data, pre-existing methods, configured queries, templates, generated drafts, feedback and rights to use anonymised or aggregated learnings. Do not assume pilot access permits product training.

Warranties, liability and insurance

These positions require counsel and insurance review. They must reflect that Trace provides operational preparation, not guaranteed legal compliance, while still allocating responsibility for security, confidentiality and service failure fairly.

Term, termination and exit

Define the pilot period, termination rights, effect on active cases, credential revocation, data return or deletion, surviving obligations and transition assistance.

Next legal action: establish the operator and contracting jurisdiction; appoint legal, privacy and security owners; verify pilot delivery capacity; complete the DPA, security, subprocessor and retention schedules; and obtain professional approval. Keep this route noindex until the placeholder is replaced.