GDPR & Data Processing Agreement

Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between DataAgents ("we," "us," or "our") and you ("Customer" or "you") and governs the processing of personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

1. Definitions

Personal Data: Any information relating to an identified or identifiable natural person
Processing: Any operation performed on personal data, including collection, storage, use, and deletion
Data Subject: The natural person to whom personal data relates
Controller: The entity that determines the purposes and means of processing personal data
Processor: The entity that processes personal data on behalf of the controller

2. Scope and Application

This DPA applies to all personal data processed by DataAgents in connection with the provision of our AI-powered data platform services. We act as a data processor when processing personal data on your behalf, and as a data controller when processing personal data for our own business purposes.

3. Data Processing Details

Categories of Personal Data Processed:

Contact information (name, email address, phone number)
Account information (username, profile data)
Usage data (platform interactions, feature usage)
Technical data (IP address, device information, browser type)
Business data (company information, data sources connected)

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

Contract Performance: Processing necessary for the performance of our services
Legitimate Interest: Processing for our legitimate business interests (service improvement, security)
Consent: Where you have given clear consent for specific processing activities
Legal Obligation: Processing required to comply with legal obligations

5. Data Security Measures

We implement appropriate technical and organizational measures to protect personal data:

Encryption of data in transit and at rest
Access controls and authentication mechanisms
Regular security assessments and penetration testing
Employee training on data protection
Incident response procedures
Data backup and recovery systems

6. Data Subject Rights

Under GDPR, data subjects have the following rights:

Right of Access: Request copies of personal data we hold about you
Right to Rectification: Correct inaccurate or incomplete personal data
Right to Erasure: Request deletion of personal data in certain circumstances
Right to Restrict Processing: Limit how we process your personal data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Rights Related to Automated Decision Making: Human review of automated decisions

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this DPA, comply with legal obligations, resolve disputes, and enforce our agreements. When personal data is no longer needed, we securely delete or anonymize it.

8. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other adequacy decisions.

9. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and affected data subjects without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

10. Sub-Processors

We use the following categories of sub-processors:

Cloud infrastructure providers (Google Cloud Platform)
AI/ML service providers (OpenAI, Anthropic, Google)
Payment processors (Stripe)
Analytics providers (PostHog - with consent)

All sub-processors are bound by data processing agreements and security requirements. We will notify you of any changes to sub-processors.

11. Contact Information

Data Protection Officer:

Email: [email protected]

Address: DataAgents, Sophia Antipolis, France

12. Changes to This Agreement

We may update this DPA from time to time. We will notify you of any material changes by email or through our platform. Your continued use of our services after such notification constitutes acceptance of the updated DPA.

This Data Processing Agreement is effective as of September 19, 2025, and governs all personal data processing activities conducted by DataAgents in connection with our services.