1. Purpose

These Guidelines for Sub-Processors ("Guidelines") define the minimum requirements and expectations for third-party sub-processors engaged by bacca.ai ("Company", "we", "our") in the provision of AI-powered Site Reliability Engineering (SRE) products and services. The objective is to ensure security, reliability, compliance, and trust across our vendor ecosystem.

2. Scope

These Guidelines apply to all third-party entities that process, store, access, or otherwise handle data (including Customer Data and Personal Data) on behalf of bacca.ai as part of delivering our services.

3. Definitions

• Sub-Processor: Any third party engaged by bacca.ai to process data on our behalf.
• Customer Data: Data submitted by customers to the bacca.ai platform, including system telemetry, logs, metrics, and configuration data.
• Personal Data: Any information relating to an identified or identifiable individual, as defined by applicable data protection laws.

4. General Requirements

Sub-Processors must:

• Process data solely for the purposes specified by bacca.ai
• Act only on documented instructions from bacca.ai
• Comply with all applicable laws and regulations
• Maintain confidentiality of all data accessed
• Not engage additional sub-processors without prior written authorization from bacca.ai

5. Information Security Requirements

Sub-Processors are required to implement appropriate technical and organizational security measures, including but not limited to:

• Access controls based on the principle of least privilege
• Encryption of data at rest and in transit using industry-standard methods
• Secure key management practices