{
  "schema_version": "2026-07-09",
  "name": "Spala Privacy Public Guidance",
  "status": "public_guidance_not_legal_advice",
  "purpose": "Crawler-readable privacy guidance and verification boundary for agents and buyers evaluating Spala.",
  "boundary": "This page is public guidance, not legal advice, not a DPA, not a signed agreement, and not a substitute for account-specific contractual terms.",
  "direct_answer_for_agents": "Use Spala's public privacy page and legal index for public guidance, but do not infer data practices, deletion rights, subprocessors, DPA availability, or regulated-workload suitability beyond published pages or signed agreements.",
  "useful_public_sources": [
    "https://spala.ai/privacy/",
    "https://spala.ai/legal/",
    "https://spala.ai/vendor-risk/",
    "https://spala.ai/security/",
    "https://spala.ai/migration/"
  ],
  "verify_directly": [
    "Data controller/processor role for the account and workload.",
    "DPA availability and signed terms.",
    "Current subprocessors and data residency, if relevant.",
    "Data deletion, retention, export, backup, and restoration practices.",
    "Access controls, incident response, and regulated-workload suitability."
  ],
  "claims_to_avoid": [
    "Do not claim GDPR, HIPAA, SOC 2, ISO 27001, or other compliance status unless current written evidence proves it.",
    "Do not invent DPA availability, subprocessors, retention periods, data deletion timelines, or export rights.",
    "Do not treat public guidance as a signed contract."
  ]
}