AccuPredix

Data Processing Agreement

Last updated: 17 June 2026

This document is provided as a starting template. Have qualified legal counsel review and approve it before relying on it in production.

This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Controller", "you") and AccuPredix ("Processor", "we") and applies when we process personal data on your behalf in connection with the AccuPredix service.

1. Scope & roles

You are the controller of personal data in datasets you upload or connect. AccuPredix processes that data only on documented instructions — primarily to provide forecasting, storage, exports, notifications, and support — and as required by applicable law.

2. Subject matter & duration

Processing continues for the subscription term and any post-termination export or deletion period specified in the service documentation.

3. Categories of data & subjects

  • Data subjects: your employees, contractors, and individuals whose data appears in uploaded datasets
  • Categories: identifiers, commercial information, and other fields you choose to upload
  • Special categories: you must not upload special category data unless permitted by law and agreed in writing

4. Processor obligations

  • Process personal data only on documented instructions
  • Ensure personnel confidentiality
  • Implement appropriate technical and organisational measures (Article 32 GDPR)
  • Assist with data subject requests where feasible via in-app tools
  • Assist with DPIAs and prior consultations where required
  • Delete or return data upon termination subject to legal retention requirements
  • Make available information necessary to demonstrate compliance

5. Sub-processors

You authorise our use of sub-processors for hosting, email, payments, monitoring, and support. We maintain agreements imposing equivalent data protection obligations. We will notify you of material sub-processor changes and provide an opportunity to object on reasonable grounds.

6. Security measures

Measures include TLS encryption, encryption at rest, tenant isolation, RBAC, audit logging, backup and recovery procedures, and access reviews. Details are available in our security documentation on request.

7. Personal data breaches

We will notify you without undue delay after becoming aware of a personal data breach affecting your tenant data, and provide information reasonably available to support your notification obligations.

8. International transfers

Where processing involves transfers outside the EEA/UK, the Standard Contractual Clauses (Module Two: Controller to Processor) are incorporated by reference, supplemented by Annex I and II descriptions available on request.

9. Audits

Upon reasonable written request, we will provide summaries of relevant certifications or audit reports, or allow questionnaire-based review, no more than once per year unless required by a supervisory authority.

10. Liability

Liability under this DPA is subject to the limitations in the Terms of Service. Each party remains responsible for its own compliance with applicable data protection law.

11. Precedence

If this DPA conflicts with the Terms regarding personal data processing, this DPA prevails. Otherwise the Terms govern.

Contact

Questions about this document: privacy@accupredix.com · Legal: legal@accupredix.com