Data Processing Addendum
GDPR + CPRA aligned
Last updated: January 2026
1. Scope
This DPA applies where the Company processes personal data or personal information on behalf of a customer.
2. Roles
- Customer: Data Controller (EU) or Business (US)
- Company: Data Processor (EU) or Service Provider (US)
3. Processing Activities
Processing includes:
- Account management
- AI-based application generation
- Infrastructure hosting and support
4. Obligations
The Company shall:
- Process data only on documented instructions
- Maintain confidentiality
- Apply reasonable security measures
- Assist with rights requests
- Notify of data breaches as required by law
5. Sub-processors
Sub-processors may be used and are bound by equivalent contractual obligations.
6. International Transfers
Safeguards include Standard Contractual Clauses and equivalent mechanisms.
7. Data Deletion
Data is deleted or anonymized upon termination unless legally required.
8. Audits
Reasonable audits may be conducted subject to confidentiality.
9. Liability
Liability follows the Terms of Service.