Data Processing Addendum

Last updated: 2026-04-26

This Data Processing Addendum ("DPA") supplements the SeenByLLM Terms of Service when you act as a Controller of personal data and we act as a Processor on your behalf.

1. Roles and scope

For the purposes of GDPR, you are the Controller and SeenByLLM is the Processor. We process personal data only to provide the Service as described in our Terms.

2. Sub-processors

  • Fly.io — application hosting and database (EU regions).
  • Resend — transactional email delivery.
  • OpenRouter and underlying AI providers — prompt execution.
  • Stripe — payment processing.

We notify you 30 days before adding any new sub-processor that accesses customer personal data.

3. Security measures

  • Data in transit is encrypted with TLS 1.2+.
  • Data at rest is encrypted at the storage layer.
  • Access to production systems requires SSO and is logged in an immutable audit trail.
  • Passwords are hashed with argon2id.

4. International transfers

Where personal data is transferred outside the EEA, the transfer is covered by the European Commission's Standard Contractual Clauses (Annex to be attached upon request).

5. Breach notification

We notify you of any personal-data breach affecting your data without undue delay and within 72 hours of becoming aware.

6. Data subject rights

We provide tooling to help you respond to data subject access, correction, and deletion requests. Where you cannot fulfil a request directly, contact privacy@seenbyllm.com.

[Placeholder] Counter-signed DPAs and SCC annex available on request once the operating entity is registered.