CitlaliBridge
Prototype Request briefing
Enterprise Data Governance

CitlaliBridge Data Processing Addendum

This Data Processing Addendum forms part of the Terms of Service between Citlali Technologies LLC and the organization or individual using the CitlaliBridge platform, and governs the processing of Customer Data in connection with the platform services.

Last updated: March 13, 2026 Processor / Controller framework Customer Data handling

This Data Processing Addendum ("DPA") forms part of the Terms of Service between Citlali Technologies LLC, operator of the CitlaliBridge platform ("Processor"), and the organization or individual using the platform ("Customer" or "Controller").

1. Definitions

Customer Data: Any data submitted to or processed by the CitlaliBridge platform by or on behalf of the Customer.

Processing: Any operation performed on Customer Data including collection, storage, organization, analysis, or deletion.

Subprocessor: A third-party service provider engaged by CitlaliBridge to process Customer Data.

2. Roles of the Parties

For the purposes of data protection, the Customer acts as the Controller of Customer Data, and Citlali Technologies LLC acts as the Processor of Customer Data.

CitlaliBridge processes Customer Data only on documented instructions from the Customer.

3. Scope of Data Processing

CitlaliBridge processes Customer Data solely to provide platform services including:

  • Employer profile management
  • Candidate profile management
  • Sponsorship case management
  • Compliance scoring and analytics
  • Document storage and retrieval
  • Audit logging and reporting

These capabilities correspond to the system modules that manage employer data, candidate records, case records, document storage, and scoring workflows within the platform architecture.

4. Types of Data Processed

Customer Data may include:

Employer Data

  • Employer identifiers
  • Sponsorship activity records
  • Compliance indicators

Candidate Data

  • Candidate identifiers
  • Immigration case metadata

Document Data

  • Uploaded supporting evidence
  • Verification documents

System Metadata

  • Audit logs
  • Access logs
  • Processing events

5. Processing Purpose

CitlaliBridge processes Customer Data solely for:

  • Delivering platform functionality
  • Generating compliance intelligence
  • Maintaining audit traceability
  • Supporting system security and monitoring

Customer Data is not used for advertising or sold to third parties.

6. Security Measures

CitlaliBridge implements reasonable administrative, technical, and organizational safeguards including:

  • Role-based access controls
  • Encrypted network communications
  • Audit logging
  • Infrastructure monitoring
  • Controlled access to production systems

Security practices are designed to protect confidentiality, integrity, and availability of Customer Data.

7. Subprocessors

CitlaliBridge may use subprocessors to support platform operations, including cloud infrastructure providers.

Current categories of subprocessors include:

  • Cloud hosting providers
  • Infrastructure monitoring services
  • Security monitoring services

CitlaliBridge remains responsible for ensuring subprocessors maintain appropriate data protection standards.

8. Data Retention

Customer Data will be retained only for as long as necessary to provide the platform services, maintain required audit logs, and comply with legal obligations.

Customers may request deletion of Customer Data upon termination of services, subject to applicable legal requirements.

9. Confidentiality

CitlaliBridge personnel who access Customer Data are subject to confidentiality obligations and are granted access only where necessary to perform their duties.

10. Data Breach Notification

If CitlaliBridge becomes aware of a confirmed unauthorized access or disclosure affecting Customer Data, CitlaliBridge will notify the Customer without undue delay after discovery.

Notifications will include available information about the nature of the incident and mitigation measures.

11. Customer Responsibilities

Customers are responsible for:

  • Ensuring they have appropriate rights to submit Customer Data
  • Complying with applicable data protection laws
  • Ensuring that submitted data does not violate third-party rights

12. Deletion and Return of Data

Upon termination of services and written request, CitlaliBridge will delete or return Customer Data where feasible, except where retention is required for legal compliance or system integrity.

13. Governing Law

This Data Processing Addendum shall be governed by the laws of the State of Texas, United States.