Data Processing Agreement
Our DPA outlines how we process personal data on your behalf in compliance with GDPR and other data protection regulations.
Request DPA DocumentWhat's Covered
Key aspects of our Data Processing Agreement
Data Processing Scope
Clear definitions of personal data categories, processing purposes, and data subject types.
Security Measures
Technical and organizational measures we implement to protect your data.
Sub-Processors
Transparent list of authorized sub-processors with notification of changes.
Data Subject Rights
Procedures for handling data subject requests and ensuring compliance.
Data Transfers
Lawful mechanisms for international data transfers including SCCs.
Breach Notification
Commitment to notify you of any data breaches within 72 hours.
Authorized Sub-Processors
We use the following sub-processors to provide our services. We notify customers of any changes to this list.
| Sub-Processor | Location | Purpose |
|---|---|---|
| Amazon Web Services (AWS) | USA | Cloud Infrastructure |
| Google Cloud Platform | USA | Cloud Infrastructure |
| OpenAI | USA | AI Processing |
| Anthropic | USA | AI Processing |
| Stripe | USA | Payment Processing |
| SendGrid | USA | Email Delivery |
| Datadog | USA | Monitoring & Analytics |
DPA Summary
1. Definitions
This DPA uses terms as defined in the GDPR, including "Personal Data," "Processing," "Data Controller," "Data Processor," and "Data Subject."
2. Scope of Processing
Calimatic AI processes personal data solely to provide the services outlined in your service agreement. We act as a Data Processor on your behalf.
3. Security Measures
We implement appropriate technical and organizational measures including encryption, access controls, and regular security assessments.
4. Data Subject Rights
We assist you in responding to data subject requests including access, rectification, erasure, and data portability within required timeframes.
5. Data Retention
Personal data is retained only for the duration of the service agreement plus any legally required retention period, after which it is securely deleted.
6. International Transfers
For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) and supplementary measures as required by applicable law.
Need a Signed DPA?
Enterprise customers can request a countersigned DPA. Contact our legal team to discuss your specific requirements.