Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of our Terms of Service and governs the processing of personal data by Chutes on behalf of our customers.

Last updated: 2025-01-25

Overview

This DPA applies to the processing of personal data by Chutes in connection with our AI infrastructure services. This agreement ensures compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
  • "Data Subject" means the individual to whom Personal Data relates.
  • "Controller" means the entity that determines the purposes and means of processing Personal Data.
  • "Processor" means the entity that processes Personal Data on behalf of the Controller.

Roles and Responsibilities

When you use our services, you are the Controller of any Personal Data you submit to our platform, and Chutes acts as the Processor of such data. We process your data only in accordance with your instructions as documented in our Terms of Service and this DPA.

Data Processing Obligations

As a Processor, Chutes will:

  • Process Personal Data only on documented instructions from you
  • Ensure that persons authorized to process Personal Data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist you in responding to requests from Data Subjects exercising their rights
  • Delete or return Personal Data upon termination of the services
  • Make available all information necessary to demonstrate compliance

Sub-Processors

We may engage sub-processors to assist in providing our services. A list of our current sub-processors is available upon request. We will notify you of any changes to our sub-processors and provide you with an opportunity to object.

International Transfers

Personal Data may be transferred to and processed in countries outside your jurisdiction. We ensure that such transfers are made in compliance with applicable data protection laws, including through the use of Standard Contractual Clauses approved by the European Commission.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of Personal Data in transit and at rest
  • Access controls and authentication
  • Regular security assessments and audits
  • Incident response procedures
  • Employee training on data protection

Contact Us

If you have questions about this DPA or need to sign a custom agreement, please contact us:

[email protected]

Need a Custom DPA?

Enterprise customers can request a custom Data Processing Agreement.

Contact Legal Team