Data Processing Agreement (DPA)

Effective Date: July 15, 2025
Last Updated: July 15, 2025

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between you (“Customer”, “Controller”, or “You”) and Uniport Technologies (“Uniport”, “Processor”, “We”, or “Us”).

This DPA governs Uniport’s processing of personal data on your behalf in connection with your use of the Uniport AI services.


1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Processing: Any operation performed on Personal Data, such as collection, storage, access, or deletion.

  • Controller: The entity that determines the purposes and means of the processing of Personal Data.

  • Processor: The entity that processes Personal Data on behalf of the Controller.

  • Sub-Processor: A third-party service provider engaged by the Processor to assist in processing activities.

  • Applicable Law: The EU General Data Protection Regulation (GDPR), CCPA, and any applicable data protection laws.


2. Subject Matter and Duration

This DPA applies to Personal Data that Uniport processes on behalf of the Customer while providing AI services via its API and platform.

This DPA remains in effect for as long as the Customer uses the Service and until all data is deleted as per this agreement.


3. Nature and Purpose of Processing

Uniport processes Personal Data solely for the purpose of delivering the services specified in the Terms of Service, including:

  • Executing API requests and responses

  • Providing AI-generated outputs

  • Monitoring performance, usage, and abuse

  • Managing billing and customer support

Uniport will never use, share, or sell personal data for advertising or profiling purposes.


4. Categories of Data

Depending on how the Customer uses the API, the data processed may include:

  • Text prompts and messages

  • Image inputs (if applicable)

  • Audio files (if applicable)

  • Account metadata (email, IP, user agent)

  • Content entered by end users into Customer’s systems

⚠️ Customers are responsible for ensuring they do not send sensitive personal data unless necessary and legally permitted.


5. Data Subject Types

The data subjects may include:

  • End-users of Customer’s applications

  • Employees or contractors of Customer

  • Individuals whose data is input via the Uniport API


6. Customer Responsibilities

The Customer, as the Controller, agrees to:

  • Comply with all applicable data protection laws

  • Ensure a valid legal basis for processing personal data

  • Not transmit sensitive data unless necessary

  • Implement appropriate security controls for using the API


7. Uniport Responsibilities

Uniport, as the Processor, agrees to:

  • Process data only on documented instructions from the Customer

  • Implement appropriate technical and organizational safeguards

  • Ensure confidentiality of personnel and subcontractors

  • Assist the Customer in responding to data subject rights (on request)

  • Notify the Customer of any breach without undue delay


8. Sub-Processors

Uniport uses carefully vetted sub-processors to deliver its services. These include:

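| Sub-Processor    | Purpose                        | Location       |
|------------------|--------------------------------|----------------|
| AWS / Cloudflare | Hosting & Infrastructure       | Global (US/EU) |
| Stripe           | Payment Processing             | USA            |
| Sentry / Logtail | Error Monitoring & Logging     | USA/EU         |
| PostHog / Vercel | Analytics / Hosting (optional) | EU/US          |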

You will be notified of any material changes to sub-processors.


9. International Transfers

Where data is transferred outside of the EU/EEA, Uniport will:

  • Use only subprocessors with appropriate safeguards (e.g., SCCs, adequacy decisions)

  • Ensure compliance with international data transfer rules (GDPR Articles 44–49)


10. Security Measures

Uniport implements the following security controls:

  • TLS encryption for all in-transit data

  • Access controls and key-based API authentication

  • Role-based access for internal staff

  • Encrypted storage of logs and configuration secrets

  • Audit logs and regular penetration testing


11. Data Subject Requests

Upon request, Uniport will:

  • Assist the Customer in fulfilling data access, correction, deletion, or portability requests under GDPR/CCPA

  • Forward any third-party data subject request to the Customer without responding unless instructed


12. Breach Notification

In the event of a personal data breach, Uniport will:

  • Notify the Customer without undue delay

  • Provide relevant information and status updates

  • Cooperate fully with mitigation and regulatory disclosure efforts


13. Data Retention and Deletion

  • Prompt input/output data is not stored longer than 30 days

  • Account and billing metadata is retained as long as necessary

  • Upon account closure or request, all personal data will be deleted or anonymized

To request deletion: email privacy@uniport.site


14. Audits

Upon request, Uniport will provide:

  • A summary of security policies

  • Details on technical and organizational measures

  • Confirmation of subprocessors and locations

Audits must be reasonable, non-disruptive, and pre-scheduled.


15. Termination

Upon termination of service:

  • Uniport will delete all stored personal data (except where legally required)

  • This DPA remains valid as long as data is retained


16. Governing Law

This DPA is governed by the laws of the State of Delaware, USA and, where applicable, the GDPR or other relevant data protection regulations.

