⚠️ DRAFT — Pending legal review. DPA template not yet finalised.

Data Processing Agreement (DPA)

Art. 28 GDPR — For B2B customers

Do you need a DPA?

If your organisation processes personal data using Neuridion and is itself a data controller (e.g. a medical device manufacturer processing patient-related search terms), a Data Processing Agreement is required under Art. 28 GDPR.

Contact us to sign a DPA: info@neuridion.eu

What a Neuridion DPA covers

  • Subject matter, duration, nature and purpose of processing
  • Categories of personal data processed (names, emails, device search terms)
  • Your rights as data controller and our obligations as data processor
  • Sub-processor list and change notification process
  • Technical and organisational measures (TOMs)
  • Procedures for data subject rights requests
  • Breach notification timelines (72-hour rule)
  • Return or deletion of data on termination

Our sub-processors

Sub-processorLocationPurposeTransfer basis
SupabaseEUDatabase & authSame region
AnthropicUSAI FSN filteringSCCs
PDFShiftFRPDF generationSame region
RenderUSApplication hostingSCCs
StripeUSPayment processingSCCs
ResendUSTransactional emailSCCs

Request a DPA

To receive a draft DPA for countersignature, email info@neuridion.eu with the subject line "DPA Request" and your company details. We aim to respond within 5 business days.

← HomePrivacyTerms