BARKROWSYSTEMS
Login
PlatformPlansResourcesCompanyContact
Legal · Data Processing

How we process your documents.

This Data Processing Addendum forms part of the agreement between BKW, LLC (Barkrow Systems) and a customer using Adamantius. It governs customer documents and the personal data within them.

LAST UPDATED · June 2026  ·  CUSTOMER TERMS SUMMARY
  1. 1

    Roles of the parties

    The customer is the controller of the documents and personal data it uploads. Barkrow Systems is the processor, acting only on the customer instructions set out in the agreement and this addendum.

    Where a signed enterprise agreement and this addendum conflict, the signed agreement governs.

  2. 2

    Scope and purpose

    We process customer documents — contracts, carrier quotes, bound policies, certificates of insurance — solely to provide Adamantius: extraction, cross-reference, the audit ledger, and support. We do not process them for any other purpose.

    Data subjects may include insureds, named parties, brokers and contacts referenced in those documents.

  3. 3

    The PII boundary

    Personal and commercially sensitive identifiers are tokenized by reversible substitution before any document reaches a language model. Raw PII never leaves Barkrow infrastructure, and no third-party model provider receives it in the clear.

  4. 4

    Subprocessors

    A short, audited list, each bound by a data-processing agreement: Microsoft Azure (hosting and compute, United States), Cloudflare (edge and delivery), WorkOS (authentication), Anthropic and Azure OpenAI (model inference, on tokenized data only), and Resend (transactional email).

    We maintain the current list on the Security page and give notice before adding or replacing a subprocessor, so the customer may object.

  5. 5

    Security measures

    Encryption in transit and at rest, tenant isolation enforced at the database with row-level security, private networking with no public ingress to data stores, least-privilege access, and an append-only audit log of every run. SOC 2 Type II is in progress.

  6. 6

    Assisting the controller

    We assist the customer in responding to data-subject requests for access, correction, export and deletion, and in meeting breach-notification and impact-assessment obligations, within the windows GDPR and CCPA require.

  7. 7

    International transfers

    Customer data is hosted in the United States. For transfers originating in the EEA or UK, Standard Contractual Clauses are available on request and incorporated by reference where applicable.

  8. 8

    Breach notification

    We notify the customer without undue delay after becoming aware of a personal-data breach affecting their data, with the information needed to meet their own notification duties.

  9. 9

    Retention and deletion

    Customer documents follow the retention the customer configures. On termination we delete or return them within the period the agreement specifies, except where an immutable audit archive must be retained to satisfy a regulatory requirement.

  10. 10

    No training on customer data

    We claim no right to train models on customer documents or the personal data within them. Ever.

Questions? Write to legal@barkrowsystems.com.

Put the compliance spine behind your book.

See Adamantius on one of your own redacted files — a real contract, a real quote stack, your workflow.

See plans