Data Processing Addendum (DPA)
This page summarizes NRSIP Registry data processing commitments for enterprise customers. Contractual DPA language is finalized in executed order forms.
Processor role
For customer account and operational telemetry data, NRSIP acts as processor under customer instruction, subject to security, legal, and anti-abuse controls.
Security commitments
NRSIP maintains encryption in transit, secret-managed credentials, role-gated access, audited lifecycle mutations, and incident response procedures aligned with enterprise control expectations.
Subprocessors and transfer controls
Core subprocessors include Google Cloud Platform (infrastructure) and Stripe (billing). Cross-border processing is governed by contractual transfer safeguards and applicable law.