Clear data governance
We sign a Data Processing Agreement with every client before work begins. Here is exactly what it covers, what categories of data we process and how we protect it.
Three categories of data, clearly defined
We process only what is necessary for delivery. No data is shared, sold or used to train models.
Client project data
Documents, workflow descriptions, process maps and system schemas you share during scoping and implementation. Retained only for the project duration. Deleted 30 days after contract ends unless you request earlier deletion.
Personal data in scope
Names, email addresses and contact details used for project communication and delivery. Never used to train AI models. Processed under our standard SCC-compliant sub-processor agreements only.
System access logs
Minimal technical logs for security monitoring, incident detection and audit purposes. Exported to you on request at any time. Logs are stored inside the EU in encrypted, access-controlled environments.
Rights you can exercise at any time
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ('right to be forgotten')
- Right to data portability in a machine-readable format
- Right to restrict processing while disputes are resolved
- Right to object to processing you did not consent to
- Notification within 72 hours of any personal data breach (Art. 33)
- Data deleted or returned within 30 days of contract end
Who else touches your data
We maintain a current list of sub-processors. Each is bound by Standard Contractual Clauses and contracted not to use your data for any purpose beyond service delivery.
We do not use your data to train AI models. Ever.
We sign a DPA before any project begins
To request a copy for review, discuss specific data handling requirements or ask about our sub-processor list, contact us. We respond to all DPA requests within 24 hours.
Request DPA documentationQuestions about how we handle your data?
We are transparent about every sub-processor, data type and retention period. Ask us anything — before you sign.
Free intro call · Your infrastructure · GDPR compliant
