Terms of Service

Effective Date: 09/01/2025

 Last Reviewed: 08/20/2025

This Terms of Service (“Agreement”) is entered into by and between Deep Freeze Data LLC, (“Company”, “We”, “Us”, or “Our”), and any party (“Client”, “You”, “Your”) utilizing the archival data storage services provided by the Company (“Services”).

By accessing or using the Services, the Client agrees to be bound by this Agreement and affirms that it is authorized to act on behalf of any entity or data subject associated with the data submitted.

• 1. Principles of Data Handling

  • The Company undertakes all data handling in accordance with the following principles, consistent with globally recognized data protection laws and standards, including but not limited to the GDPR, CCPA, MCDPA, PCI DSS, and HIPAA (where applicable)

  • Lawfulness, Fairness, and Transparency: Processing shall be conducted in a lawful, fair, and transparent manner.

  • Purpose Limitation: Data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

  • Data Minimization: Only data strictly necessary for archival and contractual obligations shall be stored.

  • Accuracy: Reasonable steps shall be taken to ensure data accuracy at the time of ingestion.

  • Storage Limitation: Data will be retained only as long as necessary to meet the Client’s stated retention schedule or as required by applicable law. In the absence of a stated schedule, the Company will apply a default archival retention period of twenty five (25) years unless otherwise agreed in writing

  • Integrity and Confidentiality: Appropriate technical and organizational safeguards shall be in place to prevent unauthorized or unlawful processing, loss, or damages.

• 2. Scope of Services

  • 2.1 Nature of Service

  •   The Company provides secure, offline archival storage using Linear Tape-Open (LTO) media and air-gapped infrastructure for long-term data preservation. Services include data ingestion, encrypted physical storage in secured vaults, retrieval upon verified client (Key Holder) request, and secure deletion or destruction in accordance with applicable law or client instructions.

  • 2.2 Use Limitations

  •   The Services are not designed for real-time computing, file synchronization, or transactional systems. The Company does not guarantee immediate accessibility and is not responsible for failure to meet operational continuity or uptime expectations typical of online storage platforms. The Services are intended solely for archival and long-term preservation purposes. In the event of a client request for data restoration, the Company can only provide access to data that was successfully received and ingested as part of the Client’s most recent backup submission, or any prior submissions retained under the Client’s storage history. The Company is not responsible for any data loss resulting from incomplete, delayed, or omitted transfers from the Client.

• 3. Legal Basis for Data Handling

  • The Company processes Client Data only when one or more of the following apply:

  • The Client has provided explicit, lawful instruction to store or process the data.

  • Processing is necessary for the performance of a contract with the Client.

  • Processing is necessary to protect the rights, property, or safety of the Company, its clients, others, or to detect or prevent fraud or other unlawful activity and provide an accurate account of all files and arrangements.

• 4. Client Data Rights

  • The Company recognizes and facilitates the following data rights where applicable and where technically and operationally feasible consistent with applicable data protection laws:

  • 4.1 Right of Access (Article 15, GDPR equivalent)

  •   Clients have the right to obtain confirmation as to whether data concerning them is being processed, and to request access to that data, its retention period, the purpose of processing, and details of any disclosures.

  •   ⏤ The Company shall provide this access in a structured, comprehensible format within 30 days of verified request, barring delay due to force majeure (see Section 12).

  • 4.2 Right to Rectification (Article 16)

  •   Clients may request correction of inaccurate or incomplete information. The Company shall amend stored metadata (not archived file contents) where appropriate.

  • 4.3 Right to Erasure ("Right to Be Forgotten", Article 17)

  •   Clients may request deletion of data where:

  • The data is no longer necessary for the purpose it was collected;

  • The retention period has expired;

  • The Client withdraws consent or terminates the Agreement.

  • The Company shall comply unless:

  • Data must be retained for legal obligations;

  • Deletion would impair other lawful uses (e.g., legal hold).

  • 4.4 Right to Restriction of Processing (Article 18)

  •   The Client may request suspension of processing (e.g., retrieval denial) where the accuracy of the data is contested, or the processing is unlawful.

  • 4.5 Right to Object

  •   Client may object to processing based on public interest, legal obligation, or profiling, where applicable. The Company shall review such objections and cease processing where no overriding interest exists where cessation is technically possible within the constraints of offline storage.

• 5. Data Access and Physical Media Policy

  • 5.1 Non-Access by Default

  •   As a matter of policy and technical architecture, the Company will not access the physical data medium or it's contents unless:

  • Retrieval or maintenance is explicitly requested by the Client;

  • Required by law (e.g., subpoena, court order);

  • Necessary to comply with a mandatory risk mitigation or integrity audit.

  • In all cases, the Client shall be notified in writing prior to any physical or logical access to the medium unless prohibited by law.

  • 5.2 Chain of Custody and Access Logs

  •   The Company shall maintain detailed access and handling logs for all physical tape movements and data retrieval events. These logs may be made available to the Client upon verified request, subject to confidentiality and security review process.

• 6. Data Security and Integrity

  • 6.1 Technical Safeguards

  • Industry-standard data encryption (at rest and during processing) is available upon request and is applied to physical media.

  • LTO tape libraries are air-gapped, and as such isolated from public networks.

  • Optional mirrored storage and geographic redundancy separation available under custom contract.

  • 6.2 Organizational Measures

  • Role-based access controls are enforced for all data handling systems.

  • Physical security protocols include surveillance, environmental monitoring sensors, and restricted entry zones.

  • Internal company compliance audits conducted annually to assess and test procedural and technical safeguards.

  • 6.3 Confidentiality

  •   All employees and contractors are bound by enforceable confidentiality agreements. Unauthorized access to client data is strictly prohibited and may result in immediate termination and legal action, including civil or criminal penalties where applicable.

• 7. Breach Notification

  • In the event of a confirmed breach (e.g. physical data theft, environmental compromise)TYPES OF BREACHES) affecting Client Data, the Company shall:

  • Notify the Client without undue delay and within 36hr, when feasible; Provide all known details, including the nature and scope of the breach; Provide remediation measures and estimated timeframes; Cooperate fully with any regulatory reporting the Client is obligated to perform and in good faith, cooperate with any client's legal obligations.

• 8. Subcontracting and Third Parties

  • The Company may engage authorized sub-processors (e.g., logistics partners, certified destruction vendors) under written agreements that uphold equivalent or stronger obligations than this Agreement.

  • The Company remains responsible for the performance of its sub-processors. A list of active sub-processors shall be made available upon request, where disclosure does not violate security protocols or entered agreements.

• 9. Term and Termination

  • 9.1 Term

  •   This Agreement remains in effect from the Effective Date until terminated by either party in writing with thirty [30] days’ notice.

  • 9.2 Post-Termination Handling

  •   Upon termination, the Client may instruct the Company to:

  • Return the stored data via a mutually agreed delivery method; subject to applicable retrieval and shipping fees outside your subscription or per a client's contract.

  • Permanently destroy the data and provide a certificate of destruction;

  • Hold the data for a grace period of no more than [90] days pending further instruction. If more than one grace period is initiated in a 12-month calendar window, the company reserves the right to terminate the agreement between the client and the company or revert to annual payment installments only. If no instruction is received within the grace period, the Company reserves the right to permanently destroy the data in accordance with its standard retention and disposal policies. The Company shall not be liable for any loss, claim, or damages resulting from the Client’s failure to provide timely or complete post-termination instructions.

• 10. Amendments

  • 10.1 Governing Authority

  •   Amendments to this Agreement shall be subject to approval by a majority vote of the Company’s Board of Directors.

  • 10.2 Client Notification

  • The Company shall notify all Clients of material changes to this Agreement at least thirty (30) calendar days prior to their effective date, via email or other registered communication method on file. Continued use of the Services after the effective date shall constitute acceptance of the amended terms.

• 11. Payment and Fees

  • Fees are assessed based on storage volume, retrieval frequency, retention period, and selected client's selected service tier. Invoice for contracts are due within thirty (30) calendar day of Issuance unless otherwise agreed in writing. Failure to pay within the specified period may result in one or more of the following actions:

  • Suspension of Services;

  • Administrative fees;

  • Secure destruction of archived materials following notification and expiration of retention grace period. The Company shall not be liable for any loss of data or damages resulting from enforcement of this Section due to non-payment.

• 12. Force Majeure

  • The Company shall not be held liable for delay, interruption or failure to perform it's Obligations under this agreement due to causes beyond its reasonable control, including but not limited to natural and man made disasters, nuclear events, utility failures, labor disputes, unrest, pandemic, Public health emergency, governmental orders, acts of God, or force majeure.

  • If such conditions persist longer than 60 days, either party may terminate this Agreement without further liability beyond payment for services rendered.

• 13. Indemnification and Liability

  • This Agreement shall be governed by and construed in accordance with the laws of the jurisdiction of both Client and Company. Any disputes arising out of or relating to this Agreement shall be brought exclusively in the state or federal courts located in Hennepin County, Minnesota, United States of America, or through an agreed-upon arbitration forum seated in Minnesota. The parties irrevocably consent to the personal jurisdiction and venue of such courts or arbitration forums.

• 14. Governing Law and Jurisdiction

Contact Information

  Deep Freeze Data LLC

  2700 Louisiana Avenue South

P.O. Box 26640

  St. Louis Park, MN 55426

  accounts@deepfreezedata.com