BYOC DPA template notes

Template clauses for BYOC procurement review.

Use this page as P0 scaffolding for procurement review. Legal teams should adapt it to the governing agreement.

Role

For Veto BYOC, Plaw acts as a software supplier. The customer operates the customer plane and remains responsible for policy content, decision logs, tool-call arguments, user identifiers, Slack/webhook content, prompts, env vars, and secrets.

Data boundary

The product is designed so those customer data classes are not transmitted to Plaw. Cross-boundary payloads are limited to the six-field license heartbeat, optional anonymous telemetry, artifact downloads, and any customer-initiated redacted support bundle.

Security commitments

Plaw publishes signed images, SBOMs, SLSA provenance, OpenVEX, and operator manifests. Plaw does not require cross-account IAM, assume-role, or GCP/Azure impersonation.

Air-gap

Air-gapped operation disables heartbeat and telemetry and validates an offline license JWT from a mounted customer secret/file.