Master's in AI
    Data Processing Agreement

    Clear data governance

    We sign a Data Processing Agreement with every client before work begins. Here is exactly what it covers, what categories of data we process and how we protect it.

    What we process

    Three categories of data, clearly defined

    We process only what is necessary for delivery. No data is shared, sold or used to train models.

    Client project data

    Documents, workflow descriptions, process maps and system schemas you share during scoping and implementation. Retained only for the project duration. Deleted 30 days after contract ends unless you request earlier deletion.

    Personal data in scope

    Names, email addresses and contact details used for project communication and delivery. Never used to train AI models. Processed under our standard SCC-compliant sub-processor agreements only.

    System access logs

    Minimal technical logs for security monitoring, incident detection and audit purposes. Exported to you on request at any time. Logs are stored inside the EU in encrypted, access-controlled environments.

    Your GDPR rights

    Rights you can exercise at any time

    • Right of access to your personal data
    • Right to rectification of inaccurate data
    • Right to erasure ('right to be forgotten')
    • Right to data portability in a machine-readable format
    • Right to restrict processing while disputes are resolved
    • Right to object to processing you did not consent to
    • Notification within 72 hours of any personal data breach (Art. 33)
    • Data deleted or returned within 30 days of contract end
    Sub-processors

    Who else touches your data

    We maintain a current list of sub-processors. Each is bound by Standard Contractual Clauses and contracted not to use your data for any purpose beyond service delivery.

    EU cloud hosting provider
    Infrastructure hosting and storage
    EU
    Customer-owned accounts where applicable
    LLM API provider
    Language model inference only
    EU or SCC-covered
    Data not used for model training

    We do not use your data to train AI models. Ever.

    Request your DPA

    We sign a DPA before any project begins

    To request a copy for review, discuss specific data handling requirements or ask about our sub-processor list, contact us. We respond to all DPA requests within 24 hours.

    Request DPA documentation

    Questions about how we handle your data?

    We are transparent about every sub-processor, data type and retention period. Ask us anything — before you sign.

    Free intro call · Your infrastructure · GDPR compliant

    FAQ

    Questions before you build

    Short answers to the things most teams ask before turning a workflow into an AI-powered system.