Data Processing Agreement
DATA PROCESSING AGREEMENT (LGPD/GDPR)
Effective: December 22, 2025
Between [Your Company] (Processor) and [Client Company] (Controller)
1. PROCESSING INSTRUCTIONS
Processor shall process Personal Data only to provide file analysis service per Controller's documented instructions.
2. PROCESSING DETAILS
Subject matter: File analysis via AI
- Duration: Term of service agreement
- Nature: Temporary storage, AI processing, metadata analytics
- Purpose: Deliver analysis results
3. PROCESSOR OBLIGATIONS
✓ Implement technical/organizational measures (encryption, access controls)
✓ Notify Controller of sub-processors (AWS, Stripe, Sentry, Datadog)
✓ Assist with data subject rights, DPIA, breach notification (within 24h)
✓ Delete/return data upon termination (30 days)
4. DATA SECURITY
- Encryption: TLS 1.3 transit, AES-256 at rest
- Access: Need-to-know, MFA, audit logs
- Breach notification: Within 24 hours to Controller
5. SUB-PROCESSORS
| Name | Service | Location |
|---|---|---|
| AWS | Storage/processing | US/EU |
| Stripe | Payments | US |
| Sentry | Monitoring | US |
| Datadog | Analytics | US |
Controller may object with 15 days notice.
6. INTERNATIONAL TRANSFERS
Protected by EU SCCs + LGPD adequacy measures.
7. AUDIT RIGHTS
Controller may audit compliance annually (reasonable notice).
8. LIABILITY
Processor liable for direct damages from DPA breach, capped at 12 months fees.