Data Processing Agreement (DPA)

Last updated: 9/26/2025

Note: This Data Processing Agreement supplements our Terms of Service and Privacy Policy. It is designed for business customers who need additional data protection commitments for GDPR compliance.

1. Definitions and Interpretation

In this Data Processing Agreement ("DPA"):

  • "Controller" means you, the customer using our Service
  • "Processor" means LLMSaver Inc.
  • "Personal Data" has the meaning given in the GDPR
  • "Processing" has the meaning given in the GDPR
  • "Data Subject" means individuals whose Personal Data is processed
  • "GDPR" means the EU General Data Protection Regulation (2016/679)
  • "Sub-processor" means third parties we engage to process Personal Data

2. Scope and Application

This DPA applies when you use our Service to process Personal Data and we act as a Processor on your behalf. This includes:

  • API request data that contains Personal Data
  • Usage logs that may contain Personal Data
  • Any other Personal Data processed through our Service

Important: We recommend avoiding sending Personal Data through our AI API endpoints. Our Service is designed for business use cases that typically don't require Personal Data processing.

3. Processing Instructions

We will process Personal Data only:

  • In accordance with your documented instructions through use of the Service
  • As necessary to provide the Service as described in our Terms of Service
  • As required by applicable law (with notice to you where legally possible)

You instruct us to process Personal Data for the following purposes:

  • Routing API requests to appropriate AI models
  • Logging usage for billing and analytics purposes
  • Providing customer support when requested
  • Ensuring security and preventing abuse

4. Categories of Data and Data Subjects

4.1 Categories of Data Subjects

  • Your employees and contractors
  • Your customers and end users
  • Any other individuals whose data you process through our Service

4.2 Categories of Personal Data

  • Identifiers (names, email addresses, IP addresses)
  • Professional information
  • Communications data
  • Usage data and analytics
  • Any other Personal Data you choose to send through the Service

5. Technical and Organizational Measures

We implement appropriate technical and organizational measures to protect Personal Data:

5.1 Technical Measures

  • Encryption of data in transit (TLS 1.2+)
  • Encryption of data at rest
  • Access controls and authentication
  • Regular security updates and patches
  • Network security and firewalls

5.2 Organizational Measures

  • Employee training on data protection
  • Confidentiality agreements for staff
  • Regular security assessments
  • Incident response procedures
  • Data minimization practices

6. Sub-processors

We engage the following sub-processors to provide our Service:

Sub-processor | Purpose | Location
OpenRouter | AI model routing and processing | United States
Supabase | Database and backend services | United States
Fly.io | Cloud hosting and deployment | United States
Clerk | User authentication | United States

We may add new sub-processors by updating this list and notifying you via email. You may object to new sub-processors within 30 days of notification.

7. International Data Transfers

Personal Data may be transferred to and processed in the United States. For transfers from the EU/UK, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Other legally recognized transfer mechanisms

8. Data Subject Rights

To the extent we process Personal Data on your behalf, we will assist you with Data Subject rights requests by:

  • Providing access to Personal Data we process
  • Correcting inaccurate Personal Data
  • Deleting Personal Data when technically feasible
  • Restricting processing when requested

Your Responsibility: You are responsible for responding to Data Subject requests directly. We will provide reasonable assistance as outlined above.

9. Data Retention and Deletion

We retain Personal Data according to the following schedule:

  • API Request Data: Not permanently stored (processed in real-time)
  • Usage Logs: 2 years for analytics and debugging
  • Account Data: Until account deletion + 30 days
  • Support Communications: 3 years

Upon termination of the Service, we will delete or return Personal Data within 90 days, unless retention is required by law.

10. Security Incidents

In the event of a Personal Data breach, we will:

  • Notify you without undue delay (within 72 hours when possible)
  • Provide details about the nature and scope of the breach
  • Describe measures taken to address the breach
  • Provide recommendations to mitigate potential adverse effects

Limitation: Our notification obligations are subject to the limitation of liability clauses in our Terms of Service. We are not liable for damages arising from security incidents.

11. Audits and Compliance

Upon reasonable request and with appropriate advance notice, we will provide:

  • Information about our security and privacy practices
  • Relevant compliance certifications (when available)
  • Cooperation with regulatory inquiries

Audit Costs: You are responsible for any costs associated with audits or assessments.

12. Liability and Indemnification

NO LIABILITY: This DPA is subject to all limitation of liability clauses in our Terms of Service. We are not liable for any damages arising from data processing activities, including but not limited to GDPR fines, regulatory actions, or data subject claims.

Your Indemnification: You agree to indemnify us against any claims, fines, or damages arising from your instructions or your violation of applicable data protection laws.

13. Term and Termination

This DPA remains in effect while you use our Service. Upon termination:

  • We will cease processing Personal Data on your behalf
  • We will delete or return Personal Data as specified above
  • Our obligations under this DPA will survive for legally required periods

14. Amendments

We may update this DPA from time to time to reflect changes in:

  • Applicable data protection laws
  • Our Service functionality
  • Our sub-processor arrangements
  • Our security practices

We will notify you of material changes by email or through our Service.

15. Contact Information

For questions about this DPA or data processing matters:

Data Protection Officer: privacy@saverllm.com
Legal Department: legal@saverllm.com
Address: LLMSaver Inc., 123 Innovation Drive, San Francisco, CA 94105
EU Representative: [To be appointed if required]