Data Processing Agreement (DPA) — Enterprise Beta

BETA VERSION — This document is provided for use during Whera's private beta testing period. It is substantially complete but has not yet undergone final legal review. This version is not intended for public distribution. A finalized version will be published before public launch.

Effective date: Effective upon acceptance during private beta period Entity: Whera LLC, a Wyoming limited liability company Last updated: 2026-02-07

Relationship to other agreements: This Data Processing Agreement ("DPA") supplements and is incorporated into the Terms of Service, the Enterprise Service Agreement (if applicable), and any other agreement between the Customer and Whera LLC governing the Customer's use of the Whera service (collectively, the "Agreement"). In the event of a conflict between this DPA and the Agreement, this DPA prevails with respect to data processing matters.

1. Definitions

For purposes of this DPA, the following definitions apply. Terms not defined here have the meanings given in the Agreement, GDPR, or applicable data protection law.

Term	Definition
"Controller"	The entity that determines the purposes and means of Processing Personal Data. In the context of this DPA, the Customer is the Controller.
"Processor"	The entity that Processes Personal Data on behalf of the Controller. In the context of this DPA, Whera LLC is the Processor.
"Data Subject"	An identified or identifiable natural person whose Personal Data is Processed. In the context of Whera, Data Subjects are typically the Customer's employees, contractors, or family members whose location is shared through the service.
"Personal Data"	Any information relating to a Data Subject, as defined under applicable data protection law (including GDPR Article 4(1), CCPA §1798.140(v), and equivalent definitions under other applicable laws).
"Processing"	Any operation performed on Personal Data, including collection, recording, storage, retrieval, use, disclosure, transmission, deletion, or destruction.
"Sub-processor"	A third party engaged by Whera to Process Personal Data on behalf of the Customer.
"GDPR"	Regulation (EU) 2016/679 (General Data Protection Regulation).
"UK GDPR"	The GDPR as retained in UK law by the European Union (Withdrawal) Act 2018, as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.
"CCPA/CPRA"	The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020.
"SCCs"	Standard Contractual Clauses adopted by the European Commission for international transfers of Personal Data.
"Customer Data"	All Personal Data that the Customer or its authorized users provide to, or that is collected by, the Whera service in connection with the Customer's use of the service.
"Security Incident"	A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data.
"Enhanced Privacy Mode"	Whera's end-to-end encrypted mode where location data is encrypted on-device before transmission and cannot be accessed by Whera's servers.
"Enhanced Features Mode"	Whera's server-processed mode where location data is encrypted in transit and at rest but is readable by Whera's servers to enable advanced features.

2. Scope and Roles

2A. Scope of Processing

This DPA applies to all Processing of Customer Data by Whera in connection with the Customer's use of the Whera service under the Agreement. The details of the Processing are described in Annex I (Description of Processing).

2B. Roles

Customer acts as the Controller of Customer Data. The Customer determines which individuals are tracked, which features are enabled, which privacy mode is selected (Enhanced Privacy or Enhanced Features), and the retention periods applicable to Customer Data within the limits offered by the service.
Whera acts as the Processor of Customer Data. Whera Processes Customer Data solely on the Customer's documented instructions and in accordance with this DPA.

2C. Enhanced Privacy Mode Limitation

When the Customer selects Enhanced Privacy mode for a group, location data within that group is end-to-end encrypted on-device before transmission. In this mode:

Whera cannot access, read, process, or decrypt location data
Whera's Processing obligations under this DPA are limited to the encrypted ciphertext and associated metadata (timestamps, group membership, account information)
Whera cannot fulfill data subject access requests, rectification requests, or erasure requests with respect to the content of end-to-end encrypted data — the Customer is solely responsible for these obligations for encrypted data
The Customer acknowledges that selecting Enhanced Privacy mode limits Whera's ability to assist with certain Controller obligations under GDPR Articles 15–22

3. Customer Obligations

3A. Lawful Basis

The Customer warrants that it has a lawful basis for Processing Personal Data through the Whera service, including but not limited to:

Obtaining valid consent from Data Subjects (GDPR Article 6(1)(a)) where consent is the lawful basis
Establishing that Processing is necessary for the performance of a contract (GDPR Article 6(1)(b)) with the Data Subject
Establishing a legitimate interest (GDPR Article 6(1)(f)) that is not overridden by the Data Subject's rights, where legitimate interest is the lawful basis
Complying with applicable employment and labor laws governing employee monitoring in the relevant jurisdiction(s)

3B. Data Subject Notification

The Customer is responsible for providing Data Subjects with all required notices and disclosures regarding the Processing of their Personal Data through Whera, including but not limited to:

The identity and contact details of the Controller
The purposes and legal basis of Processing
The categories of Personal Data collected
Any recipients or categories of recipients
Retention periods
Data Subject rights (access, rectification, erasure, restriction, portability, objection)
The existence of automated decision-making or profiling, if applicable
International transfer safeguards, if applicable

3C. Instructions

The Customer's instructions to Whera regarding the Processing of Customer Data are documented in this DPA (including its Annexes) and in the configuration choices the Customer makes within the Whera service (e.g., privacy mode selection, feature enablement, retention settings, group creation). The Customer may provide additional documented instructions provided they are consistent with the Agreement and applicable law. Whera may charge reasonable fees for compliance with instructions beyond the scope of the standard service.

3D. Compliance with Acceptable Use Policy

The Customer is responsible for ensuring that its use of the Whera service — including the monitoring of employees and contractors — complies with the Acceptable Use Policy, including the enterprise-specific requirements in Section 7 of the AUP.

4. Whera's Processing Obligations

4A. Processing on Instructions

Whera shall Process Customer Data only on the Customer's documented instructions as described in Section 3C, unless required to do so by applicable law. If Whera is required by law to Process Customer Data outside the scope of the Customer's instructions, Whera shall inform the Customer of that legal requirement before Processing (unless the law prohibits such notification on important grounds of public interest).

4B. Confidentiality

Whera shall ensure that all personnel authorized to Process Customer Data:

Are bound by contractual obligations of confidentiality
Process Customer Data only as necessary to perform their duties
Have received appropriate training on data protection and security

4C. Security Measures

Whera shall implement and maintain appropriate technical and organizational measures to protect Customer Data against unauthorized or unlawful Processing, accidental loss, destruction, or damage. These measures are described in Annex II (Technical and Organizational Measures) and include, at minimum:

Encryption of Customer Data in transit (TLS 1.2+) and at rest (AES-256 or equivalent)
End-to-end encryption for Enhanced Privacy mode groups (using Whera's whera-mls library, implementing MLS RFC 9420)
Access controls and authentication for all systems Processing Customer Data
Regular security assessments and penetration testing
Intrusion detection and monitoring
Incident response procedures
Employee security training
Physical security of data center facilities (managed by sub-processors — see Section 6)

Whera shall regularly review and update these measures to maintain a level of security appropriate to the risk, taking into account the state of the art, costs of implementation, nature and scope of Processing, and the risks to Data Subjects.

4D. Data Subject Rights Assistance

Whera shall assist the Customer in responding to requests from Data Subjects exercising their rights under applicable data protection law (GDPR Articles 15–22, CCPA/CPRA rights, and equivalent provisions under other laws), including:

Right of access (GDPR Art. 15): Whera will provide the Customer with access to Customer Data in a structured, commonly used, machine-readable format upon request
Right to rectification (GDPR Art. 16): Whera will implement corrections to Customer Data as instructed by the Customer
Right to erasure (GDPR Art. 17): Whera will delete Customer Data as instructed by the Customer, subject to the retention and deletion timelines in Annex I and the Terms of Service (Section 4C)
Right to restriction (GDPR Art. 18): Whera will restrict Processing of Customer Data as instructed by the Customer
Right to data portability (GDPR Art. 20): Whera will export Customer Data in a structured, commonly used, machine-readable format (JSON or CSV) upon the Customer's request
Right to object (GDPR Art. 21): Not applicable to Processor Processing on Controller instructions, but Whera will assist as reasonably requested

Whera shall respond to the Customer's requests for assistance within 10 business days, or within the timeframe required by applicable law if shorter.

DSAR handling process:

If Whera receives a data subject request directly (e.g., from an employee of the Customer), Whera shall promptly notify the Customer and shall not respond to the Data Subject directly unless instructed to do so by the Customer or required by law.
The Customer is responsible for verifying the identity of the Data Subject and determining the validity of the request.
Whera will provide the technical assistance necessary for the Customer to fulfill the request.

4E. Data Protection Impact Assessment (DPIA) Assistance

Whera shall provide reasonable assistance to the Customer in conducting Data Protection Impact Assessments (GDPR Article 35) and prior consultations with supervisory authorities (GDPR Article 36) to the extent that such assistance relates to Whera's Processing of Customer Data. This assistance may include providing documentation about Whera's security measures, Processing activities, and data flows.

4F. Records of Processing

Whera shall maintain records of Processing activities carried out on behalf of the Customer as required by GDPR Article 30(2), including:

The name and contact details of Whera as Processor and of the Customer as Controller
The categories of Processing carried out on behalf of the Customer
International transfers of Personal Data and the safeguards in place
A general description of technical and organizational security measures

5. Security Incidents

5A. Notification

Whera shall notify the Customer of any Security Incident without undue delay and in any event within 72 hours of becoming aware of the incident. The notification shall include, to the extent known:

The nature of the Security Incident, including the categories and approximate number of Data Subjects affected
The categories and approximate volume of Customer Data affected
The likely consequences of the incident
The measures taken or proposed to address the incident, including measures to mitigate potential adverse effects
The name and contact details of Whera's point of contact for the incident

5B. Ongoing Communication

Whera shall provide supplementary information as it becomes available and shall cooperate with the Customer's investigation and response efforts. If Whera cannot provide all required information within the initial 72-hour notification, it shall provide information in phases without undue delay.

5C. Customer Notification Obligations

The Customer is responsible for determining whether a Security Incident requires notification to supervisory authorities (GDPR Article 33) or Data Subjects (GDPR Article 34), and for making such notifications. Whera shall provide reasonable assistance in fulfilling these obligations.

5D. Remediation

Following a Security Incident, Whera shall:

Take immediate steps to contain and mitigate the incident
Conduct a root cause analysis
Implement corrective measures to prevent recurrence
Provide the Customer with a written incident report within 30 days of the incident, including root cause analysis and remediation steps

5E. Limitations for Enhanced Privacy Mode

For data Processed in Enhanced Privacy mode (end-to-end encrypted), Whera's ability to assess the scope and impact of a Security Incident may be limited because Whera cannot access the encrypted content. In such cases, Whera shall:

Notify the Customer of the incident as described above
Provide all available metadata and infrastructure-level information
Clearly communicate that the encrypted content was not accessible to Whera and therefore the impact on encrypted data cannot be fully assessed by Whera
Assist the Customer in determining the scope of impact to the extent possible

6. Sub-processors

6A. Authorized Sub-processors

The Customer provides general authorization for Whera to engage Sub-processors to Process Customer Data in connection with the service. The current list of Sub-processors is provided in Annex III (Sub-processor List) and is available at whera.app/legal/sub-processors.

6B. Sub-processor Obligations

Whera shall:

Enter into a written agreement with each Sub-processor imposing data protection obligations no less protective than those in this DPA
Remain fully liable to the Customer for the acts and omissions of its Sub-processors
Conduct due diligence on Sub-processors before engagement to ensure they can provide sufficient guarantees regarding technical and organizational security measures

6C. Notification of Changes

Whera shall notify the Customer at least 30 days before engaging a new Sub-processor or replacing an existing one. Notification shall be sent to the email address associated with the Customer's enterprise account and shall include:

The name and location of the new Sub-processor
The nature of Processing to be performed
The categories of Customer Data the Sub-processor will access

6D. Objection Right

If the Customer has a reasonable, documented objection to a new Sub-processor based on data protection concerns, the Customer shall notify Whera in writing within 15 days of receiving the Sub-processor notification. Upon receiving a valid objection:

Whera shall make commercially reasonable efforts to address the Customer's concerns, which may include offering an alternative Sub-processor or modifying the scope of Processing
If the objection cannot be resolved within 30 days, the Customer may terminate the affected portion of the service (or the entire Agreement if the Sub-processor is integral to core service functionality) without penalty, with a pro-rated refund of prepaid fees
If the Customer does not object within the 15-day period, the Customer is deemed to have approved the new Sub-processor

7. International Data Transfers

7A. Transfer Mechanisms

If Customer Data is transferred from the European Economic Area, United Kingdom, or Switzerland to a country that has not received an adequacy decision from the European Commission or the UK Government (as applicable), Whera shall ensure that appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs): The EU SCCs adopted by European Commission Implementing Decision (EU) 2021/914 are incorporated into this DPA by reference and attached as Annex IV. For transfers subject to UK GDPR, the International Data Transfer Addendum to the EU SCCs (issued by the UK ICO) applies.
Transfer Impact Assessment: Whera has conducted a transfer impact assessment evaluating the laws and practices of the destination country to determine whether they provide an essentially equivalent level of protection. The assessment is available upon request.
Supplementary Measures: Where the transfer impact assessment identifies risks, Whera implements supplementary technical measures (e.g., encryption in transit and at rest, pseudonymization) to ensure an essentially equivalent level of protection.

7B. Data Location

Customer Data is Processed and stored in the following regions:

Primary: AWS US-West-2 (Oregon, USA)
Backup/DR: AWS US-East-1 (Virginia, USA) — when disaster recovery is enabled
CDN/Edge: Amazon CloudFront global edge locations (when CDN is enabled for static assets only; no Customer location data is served via CDN)

Whera shall not transfer Customer Data outside the regions specified above without the Customer's prior written consent, except where required by applicable law (in which case Whera shall inform the Customer in advance where legally permitted).

7C. Data Residency Option (Enterprise)

Enterprise customers may request that their Customer Data be stored exclusively within a specific geographic region (e.g., EU-only, US-only). Data residency options are subject to availability and may incur additional fees. Where a data residency commitment is made, it shall be documented in the Enterprise Service Agreement.

8. Audits

8A. Audit Right

The Customer (or its authorized independent auditor, subject to reasonable confidentiality obligations) may audit Whera's compliance with this DPA once per calendar year, or more frequently if required by applicable law or a supervisory authority, or following a Security Incident.

8B. Audit Process

The Customer shall provide at least 30 days' written notice of an intended audit
Audits shall be conducted during normal business hours and in a manner that minimizes disruption to Whera's operations
Whera may require the auditor to sign a confidentiality agreement before accessing Whera's facilities or systems
The Customer bears the cost of the audit, except where the audit reveals a material breach of this DPA, in which case Whera shall bear the reasonable costs of the audit

8C. Alternative Audit Evidence

In lieu of a physical or systems audit, Whera may satisfy the audit right by providing:

Current SOC 2 Type II report (or equivalent independent third-party audit report)
Results of recent penetration testing (summary, not full report — full report available under NDA)
Completed security questionnaire (SIG, CAIQ, or equivalent)
Certifications (ISO 27001, if obtained)

If the Customer reasonably determines that the alternative evidence is insufficient to verify compliance, the Customer retains the right to conduct a direct audit per §8A and §8B.

9. Data Retention and Deletion

9A. Retention During the Agreement

During the term of the Agreement, Whera shall retain Customer Data in accordance with the retention settings configured by the Customer within the service, subject to the retention limits established by the Customer's subscription tier.

9B. Deletion Upon Termination

Upon termination or expiration of the Agreement:

Data export period. The Customer has 30 days from the effective date of termination to export Customer Data using Whera's data export tools (JSON, CSV). Whera shall provide reasonable assistance in facilitating the export.
Deletion from active systems. Within 7 days following the end of the export period (or upon the Customer's earlier written request to delete), Whera shall delete all Customer Data from active production systems.
Deletion from backups. Customer Data in disaster-recovery backups shall be purged within 30 days of deletion from active systems. During this window, backup data is retained solely for system integrity and is not used for any other purpose.
Certification of deletion. Upon the Customer's written request, Whera shall provide a written certification that Customer Data has been deleted in accordance with this section. Certification shall be provided within 10 business days of the completion of the backup purge.

9C. Legal Holds

If Whera is required by applicable law, regulatory order, or legal process to retain Customer Data beyond the periods specified above, Whera shall:

Notify the Customer of the retention requirement (unless prohibited by law)
Retain only the minimum data required by the legal obligation
Delete the retained data promptly when the legal obligation expires

9D. Enhanced Privacy Mode Data

For data Processed in Enhanced Privacy mode, Whera holds only encrypted ciphertext. Deletion of encrypted data follows the same timelines above. Whera cannot verify the contents of encrypted data before or after deletion.

10. CCPA/CPRA-Specific Provisions

To the extent that Customer Data includes Personal Information of California residents and is subject to the CCPA/CPRA:

10A. Processor/Service Provider Status

Whera acts as a "Service Provider" as defined in CCPA §1798.140(ag) (as amended by CPRA). Whera shall not:

Sell or share (as defined in CCPA/CPRA) Customer Data
Retain, use, or disclose Customer Data for any purpose other than performing the services specified in the Agreement
Retain, use, or disclose Customer Data outside the direct business relationship between Whera and the Customer
Combine Customer Data with personal information received from other sources, except as permitted by CCPA/CPRA

10B. Compliance Certification

Whera certifies that it understands the restrictions in §10A and will comply with them. Whera further certifies that it will notify the Customer if it determines that it can no longer meet its obligations under this section.

10C. Consumer Rights Assistance

Whera shall assist the Customer in responding to verifiable consumer requests under CCPA/CPRA, including requests to know, delete, correct, and opt out of sale/sharing, to the extent such requests relate to Customer Data Processed by Whera.

11. Term and Termination

11A. Term

This DPA is effective as of the date the Customer first accesses the Whera enterprise service and remains in effect for the duration of the Agreement. If the Agreement terminates, this DPA terminates simultaneously, subject to the survival of obligations regarding data deletion (Section 9) and ongoing confidentiality.

11B. Termination for Data Protection Breach

If either party materially breaches its obligations under this DPA and fails to cure the breach within 30 days of receiving written notice, the non-breaching party may terminate this DPA and the Agreement. The Customer's right to terminate upon Sub-processor objection (Section 6D) is in addition to this general termination right.

12. Miscellaneous

12A. Governing Law

This DPA is governed by the same governing law provisions as the Agreement (see Terms of Service, Section 17), except that:

For Processing of Personal Data subject to the GDPR, the GDPR and applicable EU member state law take precedence over the governing law of the Agreement to the extent of any conflict
For Processing of Personal Data subject to UK GDPR, UK data protection law takes precedence
The SCCs (Annex IV) are governed by the law of the EU member state specified therein

12B. Liability

Liability under this DPA is subject to the liability limitations in the Agreement (Terms of Service, Section 13), except where applicable data protection law requires otherwise. Nothing in this DPA limits either party's liability for violations of applicable data protection law to the extent such limitations are prohibited by law.

12C. Precedence

In the event of a conflict between this DPA, the Agreement, and the SCCs:

The SCCs prevail (for transfers within their scope)
This DPA prevails (for data processing matters)
The Agreement prevails (for all other matters)

12D. Severability

If any provision of this DPA is found to be invalid or unenforceable, the remaining provisions remain in full force and effect. The invalid provision shall be replaced by a valid provision that achieves the same data protection objectives to the greatest extent possible.

Annex I — Description of Processing

Element	Description
Subject matter	Provision of the Whera family/team location sharing service
Duration	Duration of the Agreement
Nature of Processing	Collection, storage, transmission, display, analysis (Enhanced Features mode only), and deletion of location data and associated metadata
Purpose of Processing	Enabling real-time and historical location sharing within the Customer's groups; providing safety features (SOS, crash detection, geofence alerts, departure alerts); generating driving reports and analytics (Enhanced Features mode only); delivering push notifications and alerts
Categories of Data Subjects	The Customer's employees, contractors, and/or family members who are authorized users of the Whera service
Categories of Personal Data	Precise GPS location (latitude, longitude, altitude, accuracy, speed, heading); timestamps; device identifiers; IP addresses; account information (name, email address); group membership; geofence/zone definitions; battery level; crash detection sensor data; SOS alert data; encrypted location data (Enhanced Privacy mode — ciphertext only)
Sensitive data	Precise geolocation is classified as sensitive data under some frameworks (e.g., CPRA §1798.140(ae)). No special category data under GDPR Article 9 is intentionally collected, though location data may indirectly reveal such information (e.g., visits to religious or medical facilities).
Retention period	As configured by the Customer within the limits of their subscription tier. Default: [to be determined — e.g., 90 days for location history, 30 days for crash data]. Data deleted per Section 9 upon termination.

Annex II — Technical and Organizational Measures

Encryption

Data in transit: TLS 1.2+ (TLS 1.3 supported) via AWS ALB SSL Policy ELBSecurityPolicy-TLS13-1-2-2021-06
Data at rest: AES-256 via AWS KMS Customer Managed Keys (CMKs) with annual automatic key rotation
Enhanced Privacy mode: End-to-end encryption using Whera's whera-mls library (MLS RFC 9420, Ed25519 signing, XChaCha20-Poly1305 AEAD, per-message key derivation via HKE/HKDF)
Database encryption: AWS DynamoDB server-side encryption with dedicated KMS CMK; all 10 tables encrypted at rest
Cache encryption: AWS ElastiCache Redis with KMS at-rest encryption and TLS in-transit encryption
Queue/messaging encryption: AWS SQS queues encrypted with KMS CMK
Backup encryption: AWS Backup vault encrypted with KMS CMK; vault lock policy enforces immutability (backups cannot be deleted before retention period expires)

Access Controls

Role-based access control (RBAC) for all internal systems
Principle of least privilege for employee access to production systems
Multi-factor authentication (MFA) required for all employee access to systems containing Customer Data
Quarterly access reviews
Automatic session timeout for administrative interfaces

Infrastructure Security

Cloud infrastructure: AWS US-West-2 (Oregon); DR region US-East-1 (Virginia) when enabled
VPC network isolation with public/private subnet separation across 2 Availability Zones
Network segmentation between production and non-production environments
Web application firewall (AWS WAF) with rate limiting, bot detection, and geo-blocking
DDoS protection (AWS Shield Standard; WAF rate-limiting rules)
Intrusion detection: AWS GuardDuty (15-minute threat publication, severity ≥ 4 alerting)
Vulnerability scanning: AWS Inspector (continuous scanning of ECR container images and Lambda functions)
Compliance monitoring: AWS Security Hub (CIS AWS Foundations Benchmark + AWS Foundational Security Best Practices)
Configuration auditing: AWS Config (all resource types recorded)
VPC Flow Logs enabled with 365-day retention and KMS encryption
Annual penetration testing by independent third party

Operational Security

Security incident response plan (documented and tested annually)
Employee background checks for personnel with access to Customer Data
Mandatory security awareness training for all employees (annual, with additional training for engineering staff)
Secure software development lifecycle (SSDLC)
Change management procedures for production deployments via GitHub Actions CI/CD (plan on PR, apply on merge with manual approval for production)
Server application logs retained for 90 days (PII-containing logs per Privacy Policy §6.2)
AWS CloudTrail audit logs retained for 365 days with log file validation and KMS encryption (per PCI-DSS 10.7)
11 CIS AWS Foundations Benchmark metric filters with automated alerting (unauthorized API calls, root account usage, IAM changes, security group changes, etc.)
CloudWatch alarms: API 5xx error rate, p99 latency, Redis memory, SQS DLQ depth, ACM certificate expiry

Physical Security

Managed by cloud infrastructure provider (AWS) — see AWS SOC 2 report for details
Whera does not operate its own data centers

Business Continuity

Automated daily backups via AWS Backup: DynamoDB tables backed up daily at 05:00 UTC (30-day retention); Redis snapshots daily at 06:00 UTC (7-day retention)
Backup vault lock with immutability enforcement (backups cannot be deleted or modified before retention period)
Disaster recovery plan (Pilot Light strategy): 5 critical DynamoDB tables replicated via Global Tables to US-East-1; S3 cross-region replication; Secrets Manager replication
Target RTO: 30–60 minutes (Pilot Light compute deployment via Terraform)
Target RPO: <1 minute for replicated data (Global Tables); <24 hours for backup-only data
Disaster recovery testing: quarterly paper drills, semi-annual Terraform plan validation, annual full failover test

Annex III — Sub-processor List

Sub-processor	Purpose	Location	Data Accessed
Amazon Web Services (AWS)	Cloud infrastructure, data storage, compute	US-West-2 (Oregon); US-East-1 (Virginia) when DR enabled	All Customer Data
Stripe	Payment processing	US	Payment metadata only (no location data)
[Push notification provider — e.g., Firebase Cloud Messaging / APNs]	Push notification delivery	US / Global	Notification payloads (may include alert content)
[Map tile provider — e.g., MapTiler, Mapbox]	Map rendering	[Specify]	No Customer Data (tiles are static map images)
[Analytics provider — if any]	Service performance monitoring	[Specify]	Anonymized/aggregated usage data only
[Email service provider — e.g., AWS SES, Postmark]	Transactional email delivery	US	Email addresses, notification content

This list is current as of [date]. Updates are communicated per Section 6C.

Annex IV — Standard Contractual Clauses

[The EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and the UK International Data Transfer Addendum (as issued by the ICO) are incorporated by reference and available at:

EU SCCs: [link to Whera's executed SCCs]
UK Addendum: [link to Whera's executed UK Addendum]

The specific module(s) applicable to this DPA:

Module Two (Controller to Processor) — for standard enterprise use
Module Three (Processor to Sub-processor) — for Whera's engagement of Sub-processors

Clause-specific selections and optional text choices will be documented in a completed SCC appendix attached to this DPA upon execution.]