SimpleAI
Login

Data Processing Agreement

Last Modified: February 22, 2025

This Data Processing Agreement ("DPA") forms part of the Terms and Conditions between psquared GmbH ("Processor") and you ("Controller").

Need a signed copy or specific DPA requirements? Contact us at office@psquared.dev, and we'll be happy to provide you with a customized version that meets your needs.

1. Definitions

The following definitions apply to this DPA:

  • "GDPR" means the General Data Protection Regulation (EU) 2016/679
  • "Controller" means you, the customer using SimpleAI services
  • "Processor" means psquared GmbH (SimpleAI)
  • "Sub-processor" means any processor engaged by SimpleAI
  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Processing" means any operation performed on Personal Data
  • "Services" means the services provided by SimpleAI under the main agreement

2. Scope and Roles

2.1. Processing Scope

This DPA applies to the processing of Personal Data by SimpleAI when providing the Services.

2.2. Roles of the Parties

  • You act as the Controller of the Personal Data
  • We act as the Processor of the Personal Data
  • We will process Personal Data only on your documented instructions

2.3. Duration

This DPA remains in effect for the duration of the Personal Data processing under the main agreement.

3. Processor Obligations

3.1. Processing Instructions

  • Process Personal Data only on documented instructions
  • Ensure authorized persons are committed to confidentiality
  • Implement appropriate technical and organizational measures
  • Assist the Controller in responding to data subject requests

3.2. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption of Personal Data
  • Ability to ensure ongoing confidentiality, integrity, and availability
  • Regular testing and evaluation of measures
  • Access controls and authentication

3.3. Sub-processors

We may engage Sub-processors subject to:

  • Prior notice to the Controller
  • Written agreements imposing same obligations
  • Remaining liable for Sub-processor compliance

4. Data Handling

4.1. Data Access

  • Access limited to authorized personnel
  • Personnel bound by confidentiality obligations
  • Access logging and monitoring

4.2. Data Location

Personal Data is processed in:

  • European Union (primary storage and processing)
  • United States (for specific services like OpenAI and Stripe)

4.3. Data Retention

  • Data retained only as necessary for service provision
  • Data deleted or returned at contract termination
  • Backups removed according to retention schedule

5. Technical and Organizational Measures

5.1. Security Measures

  • Encryption in transit and at rest
  • Network security and firewalls
  • Access control and authentication
  • Regular security testing
  • Incident response procedures

5.2. Personnel Security

  • Background checks where applicable
  • Regular security training
  • Confidentiality agreements

5.3. Physical Security

  • Secure data center facilities
  • Access control systems
  • Environmental protection

6. Personal Data Breaches

6.1. Breach Notification

In the event of a Personal Data breach, we will:

  • Notify you without undue delay
  • Provide detailed information about the breach
  • Document the facts, effects, and remedial action

6.2. Breach Response

Our response will include:

  • Immediate containment measures
  • Investigation of the cause
  • Measures to prevent recurrence
  • Support for your notification obligations

7. Audits and Assessments

7.1. Audit Rights

  • Right to conduct audits of processing activities
  • Access to necessary information and documentation
  • Reasonable notice required for audits

7.2. Impact Assessments

We will assist you with:

  • Data protection impact assessments
  • Prior consultations with supervisory authorities
  • Documentation of processing activities

8. International Transfers

8.1. Transfer Mechanisms

International transfers are protected by:

  • EU Standard Contractual Clauses
  • EU-US Data Privacy Framework
  • Additional technical safeguards

8.2. Sub-processor Transfers

We ensure Sub-processors comply with:

  • Same transfer protection mechanisms
  • Appropriate security measures
  • Data minimization principles

9. Term and Termination

9.1. Duration

This DPA remains in effect for the duration of the Personal Data processing under the main agreement.

9.2. Data Deletion

Upon termination, we will:

  • Delete or return all Personal Data
  • Delete existing copies unless legally required to retain
  • Provide certification of deletion if requested

10. Contact and Support

10.1. Contact Information

For DPA-related inquiries:

psquared GmbH

Dametzstraße 2-4

4020 Linz

Austria

Email: office@psquared.dev

10.2. Additional Support

For specific requirements or a signed copy of this DPA, please contact us. We can provide:

  • Customized DPA versions
  • Additional technical documentation
  • Signed physical copies
  • Specific compliance certifications

© 2025 psquared GmbH. All rights reserved.

Dametzstraße 2-4, 4020 Linz, Austria

office@psquared.dev