Last updated: [DATE]
dunpai provides an API proxy service that processes requests to large language models (LLMs) with automated PII detection and stripping, audit logging, and GDPR compliance reporting. The service is operated by [COMPANY_NAME] ("[COMPANY]").
You receive an API key upon registration. You are responsible for keeping your API key confidential. You must not share your API key or allow unauthorized access to your account.
dunpai acts as a data processor on your behalf. You remain the data controller for any personal data sent through the API. You must ensure you have a legal basis for processing personal data before sending it to our service. A Data Processing Agreement (DPA) is available at /legal/dpa.
dunpai's PII detection is regex-based and covers structured personal data (emails, phone numbers, IBANs, credit cards, tax IDs, IPs, dates, postal codes). It does not detect all forms of personal data, including names, free-text addresses, or context-dependent identifiers. You should not rely solely on dunpai for GDPR compliance — it is a technical safeguard, not a legal guarantee.
We aim for high availability but do not guarantee uptime unless covered by a separate SLA agreement. The service is provided "as is" for Starter tier customers.
You must not use the service to: generate illegal content, circumvent the PII detection system, perform denial-of-service attacks, or resell access without authorization.
dunpai's liability is limited to the amount paid by you in the 12 months preceding the claim. dunpai is not liable for indirect, consequential, or incidental damages. dunpai does not guarantee that all PII will be detected in every case.
Either party may terminate the service with 30 days written notice. Upon termination, your data (audit logs, account) will be deleted within the configured retention period.
These terms are governed by the laws of [JURISDICTION]. Disputes shall be resolved in the courts of [CITY, COUNTRY].
legal@dunpai.eu