Halton Meter Cloud

Halton Meter Cloud · DPA

Data Processing Addendum

Effective
EFFECTIVE_DATE_TO_BE_SET_ON_PUBLICATION
Operator
Halton Labs
Contact
operator@haltonlabs.com
Scope
cloud
Draft — requires solicitor review before publication. [Last drafted: 2026-05-28.] This document has been drafted by in-house counsel for Halton Labs and has not yet been signed off by an external practising solicitor. Do not rely on or countersign it until that review is complete and this banner is removed.

§ 1 Background and parties

The parties

This Data Processing Addendum (the DPA) is entered into between:

  • Halton Labs Ltd, a private limited company incorporated in England and Wales with company number 16752269 and registered office at 124 City Road, London, EC1V 2NX, United Kingdom (Halton Labs or the Processor); and
  • the customer that has entered into the Cloud Terms of Service or a signed order form with Halton Labs and that, in doing so, processes Personal Data through Halton Meter Cloud (the Customer or the Controller).

Why this document exists

Halton Meter Cloud is a hosted dashboard for the Halton Meter daemon — a local network proxy that observes outbound LLM API traffic and sends usage metadata (and, where the Customer opts in, prompt and response content) to the Customer's workspace. When the Customer's use of the service involves Personal Data, UK GDPR Article 28 requires a written contract setting out the Processor's obligations. This DPA is that contract.

How this DPA is brought into force

This DPA is incorporated by reference into the Cloud Terms of Service at cloud.haltonmeter.com/terms and applies automatically to any Customer whose use of the service involves Personal Data. A Customer that requires a countersigned copy on its own paper may request one at operator@haltonlabs.com; we will sign the version published here unless there is a specific, narrowly-drafted change agreed in advance.

§ 2 Definitions

In this DPA, the following terms have the meanings given to them in the UK GDPR, and are used here with the same meaning: Controller, Processor, Sub-processor, Personal Data, processing (and its grammatical forms), data subject, Personal Data Breach, and supervisory authority.

In addition, the following defined terms apply:

  • UK GDPR means the United Kingdom General Data Protection Regulation, as defined in section 3(10) of the Data Protection Act 2018.
  • Data Protection Laws means the UK GDPR, the Data Protection Act 2018, and (where applicable to the processing of a particular Customer's data) the EU GDPR and any successor or replacement legislation.
  • Service means Halton Meter Cloud — the hosted dashboard, API, and team reporting service accessible at app.haltonmeter.com.
  • Customer Personal Data means Personal Data processed by Halton Labs on behalf of the Customer in the course of providing the Service, as further described in Annex 1.
  • Standard Transfer Mechanism means the ICO's International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (the UK Addendum), each as published by the Information Commissioner's Office and as updated from time to time.
  • Stored Content means the prompt and response bodies that flow into the Cloud when, and only when, the Customer has switched on the workspace setting store_prompt_content, as described in § 2a of the Privacy Policy.

§ 3 Scope, roles and instructions

Roles

For the Customer Personal Data processed under this DPA, the Customer is the Controller and Halton Labs is the Processor. Where the Customer's own end-users supply Personal Data to the Customer's systems and that data subsequently flows into the Service (for example, where the Customer has enabled content storage and the Customer's application is processing end-user prompts), the end-user is the data subject, the Customer remains the Controller of that data, and Halton Labs is a Processor acting on the Customer's documented instructions. Halton Labs is not a controller of that end-user data and is not a joint controller with the Customer.

Documented instructions

Halton Labs will process Customer Personal Data only on the Customer's documented instructions, including with regard to international transfers. The following are deemed to be the Customer's documented instructions for the duration of this DPA:

  • the Cloud Terms of Service;
  • this DPA, including its Annexes;
  • any order form or statement of work signed between the parties;
  • the configuration choices the Customer makes in the workspace settings of Halton Meter Cloud (for example, enabling or disabling store_prompt_content, setting data_retention_days, adding or removing workspace members, requesting deletion); and
  • any further written instruction agreed by the parties (email to operator@haltonlabs.com from a workspace owner is sufficient form).

If Halton Labs believes that an instruction infringes the Data Protection Laws, it will inform the Customer without undue delay and may suspend performance of that instruction (but not the Service as a whole) until the issue is resolved.

LLM providers are not Halton Labs sub-processors

The Customer's LLM provider API keys live on the Customer's developer machines and the daemon forwards LLM API traffic directly from those machines to the relevant provider (Anthropic, OpenAI, Google, Groq, and so on). Those provider API calls do not transit Halton Meter Cloud. Each LLM provider is therefore the Customer's own processor under the Customer's direct contract with that provider, and is not a sub-processor of Halton Labs under this DPA.

§ 4 Subject matter, duration, nature and purpose

Summary

The subject matter, duration, nature and purpose of the processing, together with the categories of Personal Data and data subjects, are set out in full at Annex 1. In summary:

  • Subject matter: the provision of Halton Meter Cloud — receiving usage metadata from the daemon, optionally receiving Stored Content, computing cost, and surfacing reports in the Customer's workspace.
  • Duration: for as long as the Customer's subscription or order form remains in force, plus the wind-down periods set out in § 13.
  • Nature: hosting, storage, retrieval, structuring, aggregation, display and (where instructed by the Customer) deletion of Customer Personal Data.
  • Purpose: to enable the Customer to attribute, report on, and govern its team's use of third-party LLM APIs.

§ 5 Personal data and data subjects

Categories

The categories of Personal Data and data subjects are set out at Annex 1. The Customer must not send to the Service Personal Data outside those categories — and in particular must not send special category data under UK GDPR Article 9 or criminal-offence data under Article 10 — unless the parties have first agreed in writing that such categories may be processed and have put any additional safeguards in place that the Data Protection Laws require.

The Customer remains responsible for having a lawful basis under Article 6 (and, where applicable, Article 9) for the processing it instructs Halton Labs to perform, and for any notices, consents and records of processing activities required of the Controller.

§ 6 Processor obligations

What Halton Labs commits to

Halton Labs will:

  • (a) process Customer Personal Data only on the Customer's documented instructions, as described in § 3, including in respect of transfers outside the United Kingdom;
  • (b) ensure that personnel authorised to process Customer Personal Data are bound by a contractual or statutory duty of confidentiality;
  • (c) implement and maintain the technical and organisational measures described in Annex 2 to ensure a level of security appropriate to the risk;
  • (d) engage Sub-processors only in accordance with § 8;
  • (e) taking into account the nature of the processing, assist the Customer by appropriate technical and organisational measures, insofar as this is possible, to respond to data subject requests under Chapter III of the UK GDPR (Articles 12–22), as further described in § 11;
  • (f) assist the Customer in ensuring compliance with its obligations under Articles 32 to 36 (security, breach notification, data protection impact assessment, prior consultation), taking into account the nature of the processing and the information available to Halton Labs;
  • (g) at the choice of the Customer, delete or return all Customer Personal Data after the end of the provision of the Service, and delete existing copies unless storage is required by applicable law, as further described in § 13;
  • (h) make available to the Customer all information necessary to demonstrate compliance with this DPA and with Article 28, and allow for and contribute to audits as described in § 12.

Restrictions on Halton Labs's own use of the data

Halton Labs will not:

  • use Customer Personal Data for its own purposes, including for advertising, profiling, or the training, fine-tuning or evaluation of any machine-learning model (its own or any third party's);
  • sell, rent, share, or otherwise disclose Customer Personal Data to any third party except as expressly permitted by this DPA (i.e. to Sub-processors listed in Annex 3, or where required by law as described below); or
  • respond to a request from any government, regulator or law enforcement agency for Customer Personal Data without first notifying the Customer (where lawful to do so) and giving the Customer a reasonable opportunity to seek a protective order or otherwise challenge the request.

§ 7 Security of processing

Appropriate technical and organisational measures

Taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of the processing, and the risk to the rights and freedoms of data subjects, Halton Labs will implement and maintain the technical and organisational measures set out at Annex 2 to ensure a level of security appropriate to that risk.

Halton Labs may update Annex 2 from time to time provided that the overall level of protection of Customer Personal Data is not materially reduced.

§ 8 Sub-processors

General authorisation

The Customer gives general written authorisation for Halton Labs to engage Sub-processors to process Customer Personal Data, subject to this § 8. The Sub-processors engaged at the effective date are listed at Annex 3, and a current list is published at cloud.haltonmeter.com/sub-processors.

Flow-down obligations

Halton Labs will impose on each Sub-processor, by way of a written contract, data protection obligations that are substantially the same as those set out in this DPA, in particular providing sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the UK GDPR. Halton Labs remains fully liable to the Customer for the performance of each Sub-processor's obligations.

Changes — prior notice and objection right

Halton Labs will give the Customer at least 14 days' prior notice before adding or replacing a Sub-processor. Notice will be given by email to the Customer's workspace owner(s) and by updating the published Sub-processor list with the proposed effective date.

The Customer may object in writing within those 14 days on reasonable, data-protection-related grounds. If the parties cannot agree a resolution within 30 days of the objection — for example, Halton Labs offering an alternative configuration that avoids the objected-to Sub-processor — the Customer may terminate the affected part of the Service for convenience and receive a pro-rata refund of any prepaid fees for the unused remainder of the term.

§ 9 International transfers

Default position — data stays in the United Kingdom

The Service runs in Amazon Web Services in the London region (eu-west-2). Customer Personal Data, including any Stored Content, is stored at rest in the United Kingdom in the ordinary course of operating the Service.

Specific cross-border flows via Sub-processors

A small number of Sub-processors (identified in Annex 3) store limited categories of Customer Personal Data outside the United Kingdom — currently in the United States. For each such transfer:

  • the categories of data, the country of import and the lawful transfer mechanism are identified in Annex 3;
  • where the import country has a UK adequacy regulation in force (as defined in section 17A of the Data Protection Act 2018), that adequacy regulation is the lawful basis for the transfer; and
  • where no adequacy regulation is in force, Halton Labs has executed with the relevant Sub-processor the appropriate Standard Transfer Mechanism (the IDTA, or the EU Commission SCCs as modified by the UK Addendum), and the Customer authorises Halton Labs to enter into and rely on those instruments on the Customer's behalf as exporter, to the extent that is necessary to ensure compliant onward transfer.

Transfer impact and additional safeguards

Where required, Halton Labs has conducted a transfer risk assessment in respect of each cross-border flow identified in Annex 3 and has put in place such supplementary measures (including, where applicable, encryption in transit and at rest, pseudonymisation, and strict limits on the categories of data transferred) as it has reasonably determined necessary to ensure a level of protection essentially equivalent to that provided in the United Kingdom.

§ 10 Personal Data Breach

Notification within 72 hours of awareness

Halton Labs will notify the Customer without undue delay, and in any event within 72 hours of becoming aware of a Personal Data Breach affecting Customer Personal Data. Notification will be made by email to the Customer's workspace owner(s) and, if available, the Customer's designated security contact.

Content of the notification

The notification will, to the extent the information is available to Halton Labs at the time:

  • describe the nature of the breach, including, where possible, the categories and approximate number of data subjects and records concerned;
  • identify a point of contact (typically operator@haltonlabs.com) from whom further information can be obtained;
  • describe the likely consequences of the breach; and
  • describe the measures taken or proposed to be taken to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.

Where it is not possible to provide all of this information at the same time, the information may be provided in phases without further undue delay.

Assistance with the Controller's own notifications

Halton Labs will reasonably assist the Customer in complying with the Customer's own obligations under Articles 33 (notification to the supervisory authority) and 34 (communication to data subjects), taking into account the nature of the processing and the information available to Halton Labs. Halton Labs will not make any notification to a supervisory authority or to data subjects on behalf of the Customer unless the Customer expressly requests it in writing.

No admissions

A notification under this § 10 is not an acknowledgement by Halton Labs of any fault or liability in connection with the incident.

§ 11 Assistance to the Controller

Data subject requests

If Halton Labs receives a request from a data subject in respect of Customer Personal Data, it will not respond to the request directly (except to acknowledge receipt and to refer the data subject to the Customer) and will forward the request to the Customer's workspace owner without undue delay. Halton Labs will provide reasonable assistance to enable the Customer to respond to requests under Articles 12 to 22 of the UK GDPR (in particular, access, rectification, erasure, restriction, portability and objection), taking into account the nature of the processing.

Many such requests can be self-served by the Customer through the workspace's export, edit and deletion controls in the dashboard. Where that is not sufficient, Halton Labs will assist on request, typically within 10 business days.

Data protection impact assessments and prior consultation

Halton Labs will provide reasonable assistance to the Customer in carrying out data protection impact assessments under Article 35 and, where required, prior consultations with the supervisory authority under Article 36, in each case in respect of processing conducted by Halton Labs on behalf of the Customer.

Costs of assistance

Assistance under this § 11 is provided free of charge for requests that are routine and proportionate. For requests that are manifestly unfounded, excessive, or that require materially bespoke engineering work, Halton Labs may charge a reasonable fee based on time and materials, notified in advance.

§ 12 Audit and inspection

Information first

Halton Labs will, on reasonable written request, make available to the Customer all information necessary to demonstrate compliance with Article 28 and this DPA — for example, current copies of the Annex 2 measures, summaries of the most recent penetration test, and the current Sub-processor list.

On-site or remote audit

In addition to the information right above, the Customer may audit Halton Labs's compliance with this DPA. Such an audit:

  • may be carried out no more than once every 12 months, save where the Customer has reasonable grounds to suspect a Personal Data Breach or a material non-compliance, in which case an additional audit may be carried out;
  • requires at least 30 days' prior written notice (or such shorter period as is reasonable in the case of a suspected Personal Data Breach);
  • must be conducted during normal business hours, in a manner that does not unreasonably interfere with Halton Labs's operations, and subject to reasonable confidentiality undertakings;
  • may be conducted by the Customer or by an independent third-party auditor appointed by the Customer (and not, absent Halton Labs's consent, by a competitor of Halton Labs);
  • must not include access to data of other Halton Labs customers, or to commercially sensitive information unrelated to the Customer's processing; and
  • is at the Customer's cost, save that if the audit reveals material non-compliance by Halton Labs, Halton Labs will bear the Customer's reasonable audit costs and remediate the non-compliance.

Where Halton Labs has, at the time of the request, a current independent third-party audit report or attestation covering the relevant controls, the Customer agrees to consider that report first before requesting an on-site or remote audit.

§ 13 Return or deletion on termination

Export window

For 30 days after the end of the Customer's subscription, the workspace's data export functions remain available so that the Customer can extract all Customer Personal Data in CSV or JSON format.

Deletion

At the Customer's choice — either by an express written instruction or by allowing the 30-day export window to expire without further direction — Halton Labs will delete all Customer Personal Data from production systems within 30 days of the end of the export window, and from routine backups within a further reasonable period (currently no more than 90 days) consistent with backup retention cycles.

Halton Labs may retain Customer Personal Data to the extent (and only to the extent) required by applicable law, in which case it will continue to protect the data in accordance with this DPA for so long as it is retained, and will use the data only for the purpose that requires the retention.

Deletion on instruction during the term

The Customer may instruct Halton Labs to delete specific Customer Personal Data at any time during the term — for example, in response to a data subject erasure request. Halton Labs will action a written deletion instruction within 30 days of receipt and will confirm completion in writing.

§ 14 Liability

Aligned with the Cloud Terms

Each party's liability arising out of or in connection with this DPA is subject to the exclusions and the aggregate liability cap set out in the Cloud Terms of Service. For the avoidance of doubt, that cap applies to claims under this DPA in aggregate with all other claims under the Cloud Terms — it is not a separate cap.

Nothing in this DPA limits or excludes either party's liability where it cannot lawfully be limited or excluded, including liability for fraud or fraudulent misrepresentation, for death or personal injury caused by negligence, or (in either direction) to a data subject in respect of compensable damage under Article 82 of the UK GDPR.

§ 15 Term, termination and order of precedence

Term

This DPA takes effect on the date the Customer first accepts the Cloud Terms of Service (or, where signed on paper, on the date of the last signature) and continues for so long as Halton Labs processes Customer Personal Data, after which the surviving obligations (in particular § 6, § 10, § 12, § 13 and § 14) continue for the period necessary to give them effect.

Order of precedence

In the event of a conflict between this DPA and the Cloud Terms of Service in respect of the processing of Personal Data, this DPA controls. A signed order form between the parties may, where it expressly says so, override either document.

§ 16 Governing law

England and Wales

This DPA is governed by the laws of England and Wales. Any disputes arising out of or in connection with it are subject to the exclusive jurisdiction of the courts of England and Wales.

A1 Annex 1 — Details of processing

Subject matter

Provision of Halton Meter Cloud: receiving usage records and (where the Customer has opted in) Stored Content from the Halton Meter daemon, storing them, computing cost, and surfacing reports, dashboards and exports in the Customer's workspace.

Duration

For the term of the Customer's subscription or order form, plus the 30-day export window and the deletion timetable in § 13.

Nature of the processing

Collection (by receipt from the daemon), recording, organisation, structuring, storage, retrieval, use (for displaying reports to authorised workspace members), aggregation, transmission (to authorised workspace members and, where instructed, by export), and erasure.

Purpose

To enable the Customer to attribute, report on, audit and govern its team's use of third-party LLM APIs.

Categories of Personal Data

In the default (metadata-only) flow:

  • workspace member identifiers (email address, display name);
  • usage records, each containing: timestamp, provider, model, input and output token counts, computed cost in USD, project attribution label, developer identifier (a hash controlled by the Customer), and latency;
  • service logs (IP address, HTTP method, path, status code, response time), retained for 30 days for debugging, security and abuse prevention;
  • billing reference data (plan, status, billing period) received from the Customer's billing platform — not raw card data.

Additionally, when (and only when) the workspace has enabled store_prompt_content:

  • prompt bodies (text and structured input sent to the model);
  • response bodies (text and structured output returned by the model);
  • request and response headers stripped of authentication credentials.

The Customer is responsible for ensuring that the content it causes to flow into the Service is consistent with the lawful basis on which it processes that content (see § 5). The Customer must not enable content storage for processing involving special category or criminal-offence data without first agreeing additional safeguards with Halton Labs in writing.

Categories of data subjects

  • the Customer's personnel who use Halton Meter Cloud (workspace members and administrators);
  • the Customer's personnel whose LLM API calls the daemon observes (typically developers; identified by a hash controlled by the Customer);
  • where the Customer has enabled content storage, the Customer's end-users or other third parties whose inputs and outputs are contained in the prompt and response bodies the daemon observes.

Retention

  • Usage metadata: for the duration of the subscription plus 90 days, then deleted in accordance with § 13.
  • Stored Content (opt-in): for the workspace's configured data_retention_days (default 365 days), after which it is deleted from primary storage on a rolling basis.
  • Account data (workspace owner email, billing reference): up to 7 years after the end of the subscription, to the extent required for legal and accounting purposes.
  • Service logs: 30 days.

Transfers outside the United Kingdom

The primary storage location is AWS eu-west-2 (London, United Kingdom). Limited categories of data may be processed by Sub-processors located in the United States, as identified in Annex 3, in each case under the relevant Standard Transfer Mechanism described in § 9.

A2 Annex 2 — Technical and organisational measures

Halton Labs implements and maintains the following technical and organisational measures, which it reviews periodically and updates to reflect changes in risk and in the state of the art. The following description is current as at the effective date of this DPA and may be updated under § 7.

Encryption

  • At rest: all Customer Personal Data is stored encrypted at rest using AES-256 (AWS-managed KMS keys for RDS PostgreSQL and S3).
  • In transit: all connections between the daemon, the dashboard, the API, and the database use TLS 1.3 minimum. The daemon refuses to send data over an insecure transport.

Region isolation

Production infrastructure for the Service is deployed in AWS eu-west-2 (London). Customer Personal Data does not leave that region in the ordinary course of operating the Service, save for the specific Sub-processor flows identified in Annex 3.

Access control and identity

  • Authentication for workspace members uses a third-party identity provider (see Annex 3) with support for strong passwords, email verification, and multi-factor authentication; multi-factor authentication is enforced for accounts with administrative privileges.
  • Production AWS access uses IAM with least-privilege roles, federated single sign-on, and mandatory multi-factor authentication. There are no long-lived shared root credentials on production accounts.
  • Database access from the application uses scoped IAM credentials and a private subnet — the production database is not reachable from the public internet.

Tenant isolation

Customer data is logically isolated per workspace at the database row level. Application-level authorisation checks enforce that a workspace member can only read or write data belonging to their workspace.

Audit logging

  • Administrative actions on Halton Labs production infrastructure are logged centrally (AWS CloudTrail) and retained.
  • Reveals of Stored Content in the dashboard are gated by a consent prompt (the ConsentGate mechanism): the viewer must record a short, workspace-visible reason before the content is unblurred. The reveal, the viewer's identity, and the recorded reason are written to a workspace-level audit log. The ConsentGate is enforced in the dashboard codebase by a project-specific ESLint rule (local/consent-gated-prompts) to prevent accidental bypass through UI changes.

Network security

  • Production resources are placed in private subnets behind security groups configured on a default-deny basis.
  • The public API and dashboard sit behind a managed load balancer terminating TLS.
  • Routine vulnerability scanning of dependencies and container images.

Backup and recovery

  • Automated, encrypted database backups retained for 30 days.
  • Point-in-time recovery enabled on the primary database.
  • Periodic restore testing.

Personnel

  • Personnel authorised to access Customer Personal Data are bound by written confidentiality obligations.
  • Access to production data is limited to those personnel whose role requires it, on a least-privilege basis.
  • Access is reviewed periodically and revoked promptly on role change or departure.

Change management and secure development

  • Source code is held in version-controlled repositories with mandatory peer review before merge to production branches.
  • Deployments are tracked and reversible.
  • Secrets (API tokens, database credentials) are held in a managed secrets store, not in source code.

Incident response

  • Halton Labs maintains an internal incident response procedure covering detection, triage, containment, notification (per § 10), recovery and post-incident review.
  • The procedure is reviewed and exercised periodically.

Sub-processor diligence

  • Sub-processors are selected on the basis of their published security posture and contractually committed data protection obligations, and are reviewed before engagement and on material change.

What Halton Labs does not currently claim

As at the effective date, Halton Labs does not hold a SOC 2 Type II report or an ISO/IEC 27001 certification. The measures above are Halton Labs's own controls, not a third-party attestation. Where a Customer's procurement process requires a specific attestation, please raise this with operator@haltonlabs.com so that any roadmap commitments can be discussed expressly rather than implied.

A3 Annex 3 — Approved sub-processors

The following Sub-processors are engaged at the effective date of this DPA. A current list is also published at cloud.haltonmeter.com/sub-processors. Material changes are notified to workspace owners with at least 14 days' prior notice, as described in § 8.

Infrastructure

  • Amazon Web Services EMEA SARL — primary hosting, database (RDS PostgreSQL) and object storage (S3) for all Cloud workspace data, including any Stored Content. Location of processing: United Kingdom (eu-west-2, London). Transfer mechanism: no UK cross-border transfer in the ordinary course; the AWS GDPR Data Processing Addendum applies. Data seen: all categories listed in Annex 1.

Authentication and billing

  • Clerk, Inc. — authentication (sign-in, sign-up, session management) and billing (Clerk Billing). Clerk uses Stripe upstream as the card-network processor; raw card numbers go directly from the data subject's browser to Stripe via Clerk's hosted billing interface — they do not pass through Halton Labs. Location of processing: United States. Transfer mechanism: UK Addendum to the EU Commission Standard Contractual Clauses (or the IDTA where Clerk's published terms provide for it). Data seen: account email, display name, plan and billing reference. No usage metadata. No Stored Content.
  • Svix Inc. — webhook delivery for events emitted by Clerk (e.g. subscription state changes). Location of processing: United States. Transfer mechanism: UK Addendum to the EU Commission Standard Contractual Clauses. Data seen: event payloads that may include account identifiers and plan metadata. No usage metadata. No Stored Content.

Email

  • Resend, Inc. — transactional email (scheduled reports, workspace invitations, billing notifications, security notices). Sender domain: haltonmeter.com, verified with DKIM and SPF. Location of processing: United States. Transfer mechanism: UK Addendum to the EU Commission Standard Contractual Clauses. Data seen: recipient email address, recipient name (where included), email subject and body. No prompt or response content is sent to Resend.

Error telemetry

  • Sentry (Functional Software, Inc.) — error reporting from the dashboard and API. Location of processing: United States. Transfer mechanism: UK Addendum to the EU Commission Standard Contractual Clauses. Data seen: redacted error payloads (stack traces, request paths, user agent), with Customer Personal Data scrubbed before transmission. No prompt or response content is sent to Sentry under any configuration.

Halton Labs may, from time to time, engage additional Sub-processors consistent with this DPA. Any addition will be notified in accordance with § 8.