Data Processing Agreement (DPA)
Last updated: April 14, 2026
This Data Processing Agreement (DPA) is entered into between you (Data Controller) and DLV Digital S.A. (Data Processor) in addition to the Terms of Service for the CleanData service.
1. Definitions
"Personal Data" — any information relating to an identified or identifiable natural person, processed within the service. "Processing" — any operation on personal data: collection, recording, storage, modification, transfer, deletion. "Sub-processor" — a third party engaged by the Processor to process data.
2. Subject and Purpose of Processing
The Processor processes personal data solely for providing tabular data cleaning and normalization services. Processing includes: file upload, parsing, application of cleaning algorithms, AI normalization (if selected), providing results for download.
3. Types of Personal Data
Data that may be processed includes: names, surnames, phone numbers, addresses, emails, cities, and any tabular data uploaded by the user. The exact data composition is determined by the content of user files.
4. Duration of Processing
Uploaded files are processed and automatically deleted 1 hour after processing completion. Technical logs are retained for up to 90 days. The AI cache stores anonymized value pairs indefinitely.
5. Processor Obligations
The Processor shall: (a) process data only according to Controller instructions (within service functionality); (b) ensure confidentiality; (c) implement technical and organizational security measures (TLS, encryption, access control); (d) notify of security breaches within 72 hours; (e) delete data upon completion of processing.
6. Sub-Processors
The Processor engages the following sub-processors: — Anthropic, PBC (USA) — AI data normalization (only when AI features are selected) — Hosting provider — server infrastructure — Payment processor — payment processing (card data is not shared with the Processor) The Processor will notify the Controller of changes to the sub-processor list on this page. The Controller may object to a new sub-processor within 30 days.
7. Data Subject Rights
The Processor assists the Controller in fulfilling data subject requests (access, rectification, deletion, portability) within the service functionality. Send requests to DLV_support@proton.me.
8. International Data Transfers
Data may be transferred to the USA (Anthropic API) when AI features are used. Transfers are made on the basis of EU Standard Contractual Clauses (SCC). When using only free features, data is processed on servers within the hosting provider's jurisdiction.
9. Audit
The Controller has the right to request information necessary to verify compliance with this DPA. The Processor responds to audit requests within 30 days. Contact: DLV_support@proton.me.
10. Term
This DPA remains in effect for the duration of service use and terminates after all Controller personal data has been deleted.