Data Processing Agreement

Pyctura processes personal data solely to provide the service described in the Terms of Service. The nature of processing includes: storing account information; processing uploaded data files to generate reports; and logging usage data for service improvement.

Pyctura agrees to: process personal data only on documented instructions from the Controller; ensure persons authorized to process data are bound by confidentiality; implement appropriate technical and organizational security measures; assist the Controller in responding to data subject rights requests; delete or return all personal data upon termination; and make available all information necessary to demonstrate compliance.

Pyctura uses the following sub-processors: Supabase (database and storage), Vercel (hosting and CDN), Anthropic (AI analysis features). All sub-processors are bound by data processing agreements consistent with GDPR requirements.

Personal data may be transferred to and processed in the United States and other countries where our sub-processors operate. Such transfers are conducted under appropriate safeguards including Standard Contractual Clauses where required.

Pyctura implements: TLS encryption for data in transit; encryption for data at rest; access controls and authentication; regular security reviews; and incident response procedures.

Pyctura will notify the Controller without undue delay, and in any event within 72 hours, of becoming aware of a personal data breach affecting the Controller's data.

Upon termination of the agreement, Pyctura will delete all personal data belonging to the Controller within 30 days, unless retention is required by law.

DPA enquiries and data protection questions: hello@pyctura.ai