Data Processing Agreement

Last updated: January 2025

Agreement Overview

This Data Processing Agreement ("DPA") forms part of the Terms of Service between WhoPrompt ("Processor") and the Customer ("Controller"). This agreement reflects the parties' agreement with regard to the processing of personal data.

By using WhoPrompt's services, you agree to the terms outlined in this DPA.

1. Definitions
  • "Controller" means the entity that determines the purposes and means of the processing of Personal Data (the Customer).
  • "Processor" means the entity which processes Personal Data on behalf of the Controller (WhoPrompt).
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Subprocessor" means any third party appointed by or on behalf of Processor to process Personal Data.

2. Processing of Data

The Processor shall process Personal Data only on documented instructions from the Controller. The subject matter of processing is limited to the provision of the WhoPrompt Service.

Nature and Purpose

Processing operations include collection, storage, retrieval, consultation, use, disclosure by transmission, and erasure of data necessary to provide AI-powered database analytics.

3. Security Measures

The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit (TLS 1.2+)
  • Encryption of sensitive data at rest (AES-256 for credentials)
  • Regular vulnerability assessments and penetration testing
  • Strict access controls and authentication (MFA)

4. Authorized Subprocessors

The Controller authorizes the Processor to engage the following Subprocessors:

  • Vercel: Hosting & Edge Functions (Location: USA)
  • Neon: Database Hosting (Location: USA)
  • Google Gemini: AI Model Processing (Location: USA)
  • Polar: Payment Processing (Location: USA)

5. Data Subject Rights

The Processor shall assist the Controller in fulfilling its obligations to respond to requests for exercising the data subject's rights, including:

  • Right of access (Data Export)
  • Right to rectification
  • Right to erasure (Right to be Forgotten)

6. Data Breach Notification

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach. Such notification shall include the nature of the breach, the categories of data affected, and recommended measures to mitigate possible adverse effects.
