Data Processing Addendum
How Router MCP processes personal data as a processor.
This Data Processing Addendum ("DPA") forms part of the agreement between the customer ("Controller") and Router MCP ("Processor") for the provision ofRouterMCP (the "Service").
Subject Matter and Duration
Processing of personal data is limited to operating and supporting the Service for the term of the underlying agreement.
Nature and Purpose
Provision of a managed router for Model Context Protocol (MCP) tools, including storage of configuration metadata, access controls, and operational logs.
Processor Obligations
- Process personal data only on documented instructions of Controller.
- Ensure personnel confidentiality and appropriate training.
- Implement appropriate technical and organizational measures.
- Assist Controller with data subject requests and security notifications.
Security Measures
Security includes encryption in transit, encryption at rest, access controls, audit logging, and regular vulnerability remediation. See Security.
Subprocessors
Processor may engage subprocessors subject to written agreements requiring equivalent data protection. A current list is available on request.
International Transfers
Transfers will be protected by appropriate safeguards consistent with applicable law.
Updated October 3, 2025
DPA v1.0