Data Processing Agreement

Pursuant to Article 28 GDPR

1. Parties

Data Controller: The customer ("Controller")
Data Processor: [COMPANY_NAME], [ADDRESS] ("Processor", "dunpai")

2. Subject Matter and Duration

The Processor processes personal data on behalf of the Controller to provide AI inference with PII protection, as described in the service agreement. Processing continues for the duration of the service agreement.

3. Nature and Purpose of Processing

• Detection and temporary replacement of personal data in AI prompts
• Forwarding of sanitized (PII-free) prompts to LLM infrastructure
• Restoration of personal data in AI responses
• Audit logging of processing activities (metadata only, no raw content)
• Storage of one-way hashes of personal data for DSAR fulfillment

4. Categories of Data Subjects

Individuals whose personal data is contained in the Controller's AI prompts (e.g., customers, employees, business contacts of the Controller).

5. Types of Personal Data

Email addresses, phone numbers, IBANs, credit card numbers, tax identification numbers, IP addresses, dates, postal codes, and any other personal data present in prompts that is detected by the PII engine.

6. Obligations of the Processor

6.1 Processing Instructions

The Processor shall process personal data only on documented instructions from the Controller, unless required by EU or Member State law.

6.2 Confidentiality

All persons authorized to process personal data have committed themselves to confidentiality.

6.3 Security Measures

• PII is replaced with tokens before reaching the LLM — the model never sees real personal data
• Token-to-PII mapping exists only in memory for the duration of one request, then is discarded
• No raw prompts or responses are stored
• API keys are stored as BLAKE3 hashes, not plaintext
• PII references in audit logs are stored as irreversible BLAKE3 hashes
• All data is encrypted in transit (TLS) and at rest (encrypted storage)
• All infrastructure is located in EU datacenters (Hetzner, Germany)

6.4 Sub-processors

Current sub-processors:

• Hetzner Online GmbH — Infrastructure hosting, Falkenstein/Nuremberg, Germany

The Processor shall inform the Controller of any intended changes to sub-processors, giving the Controller the opportunity to object.

6.5 Data Subject Rights

The Processor shall assist the Controller in fulfilling data subject requests (access, rectification, erasure, restriction, portability, objection) through the DSAR API endpoint and compliance reporting tools.

6.6 Data Breach Notification

The Processor shall notify the Controller without undue delay (within 48 hours) after becoming aware of a personal data breach.

6.7 Deletion

Upon termination of the service, the Processor shall delete all personal data within the configured retention period (default: 90 days), unless retention is required by law.

7. Data Transfers

No personal data is transferred outside the EU/EEA. All processing occurs on EU infrastructure.

8. Audit Rights

The Controller has the right to conduct audits, including inspections, to verify the Processor's compliance with this agreement. The Processor shall contribute to such audits and provide necessary information.

9. Contact

dpa@dunpai.eu