Data Processing Addendum
Defining our commitment to data protection and compliance.
Storita.ai Data Processing Addendum (DPA)
This Data Processing Addendum (“DPA”) forms part of the agreement between Storita.ai and its customers and governs the processing of personal data on behalf of the customer.
Roles of the Parties
- The customer is the Data Controller
- Storita.ai is the Data Processor
Scope of Processing
Storita.ai processes personal data solely to provide the services as instructed by the customer through configuration and usage of the platform.
Processor Obligations
Storita.ai shall:
- Process data only on documented customer instructions
- Ensure confidentiality of personal data
- Implement appropriate security measures
- Not sell or commercially exploit customer data
- Not use customer data to train foundation AI models
Subprocessors
Storita.ai may engage subprocessors to provide parts of the service, including AI processing and observability tools.
Current subprocessors include:
- OpenAI
- Anthropic
- OpenRouter
- Langfuse
Storita.ai remains responsible for subprocessors’ compliance with this DPA.
Security Measures
Security measures include:
- Encryption in transit (TLS)
- Encryption at rest for sensitive data
- Role-based access controls
- Logged administrative access
Data Subject Rights
Storita.ai will assist customers in responding to data subject requests where technically feasible.
Data Breach Notification
Storita.ai will notify the customer without undue delay upon becoming aware of a personal data breach affecting customer data.
Data Retention & Deletion
Upon termination:
- Customer data is deleted from production systems
- Backups may persist until routine rotation (up to 30 days)
International Transfers
Where personal data is transferred internationally, Standard Contractual Clauses (SCCs) or equivalent safeguards are applied.
Compliance
This DPA is intended to comply with:
- GDPR
- CCPA / CPRA