Data Processing Agreement (DPA)

    Last updated: May 2026

    This Data Processing Agreement ("DPA") forms part of the Terms of Service between Analitiq ("Processor") and the Customer ("Controller") and governs the processing of Personal Data carried out by Analitiq on the Customer's behalf in connection with the Service.

    This DPA reflects the parties' agreement on the processing of Personal Data in accordance with the requirements of the EU General Data Protection Regulation (GDPR), Regulation 2016/679.

    1. Definitions

    Terms such as "Personal Data", "Processing", "Data Subject", "Controller", "Processor", and "Sub-processor" have the meanings given to them in the GDPR.

    2. Roles of the Parties

    The Customer acts as the Controller, and Analitiq acts as the Processor. Analitiq processes Personal Data only on documented instructions from the Customer, including with regard to transfers of Personal Data to a third country.

    3. Subject Matter and Duration

    • Subject matter: Provision of the Analitiq data integration platform.
    • Duration: For the term of the Customer's subscription.
    • Nature and purpose: Synchronization, transformation, and movement of data between systems chosen by the Customer.
    • Categories of data subjects: Determined by the Customer.
    • Categories of personal data: Determined by the Customer.

    4. Processor Obligations

    • Process Personal Data only on the Customer's documented instructions.
    • Ensure persons authorized to process Personal Data are bound by confidentiality.
    • Implement appropriate technical and organizational measures (Article 32 GDPR).
    • Assist the Customer in responding to Data Subject requests.
    • Notify the Customer without undue delay of any Personal Data Breach.
    • Delete or return all Personal Data at the end of the engagement.

    5. Sub-processors

    The Customer provides general authorization for Analitiq to engage Sub-processors. A current list of Sub-processors is available on our Sub-processors page. Analitiq will notify the Customer of any intended changes and provide an opportunity to object.

    6. International Data Transfers

    Customer data is hosted in the European Union. Where transfers outside the EEA are necessary, Analitiq relies on the European Commission's Standard Contractual Clauses (SCCs) and supplementary measures as required.

    7. Security Measures

    Analitiq maintains appropriate technical and organizational measures including encryption in transit and at rest, role-based access controls, audit logging, vulnerability management, and annual security reviews. Full details are described on our Security page.

    8. Audits

    Analitiq makes available to the Customer all information necessary to demonstrate compliance with Article 28 GDPR, including third-party audit reports (e.g., SOC 2 Type II).

    9. Contact

    To execute a counter-signed copy of this DPA or for related questions, contact privacy@analitiq.ai.