Data Processing Agreement (DPA)
Last updated: April 14, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service.
1. Roles
- You are the Data Controller
- Noryen is the Data Processor
2. Scope
We process data only to:
- Provide the service
- Store and display traces
- Perform AI analysis when requested
3. Types of Data
- Prompts and AI responses
- Metadata (latency, cost, timestamps)
- Optional user-provided metadata
4. Processing Instructions
We process data only according to:
- Your use of the platform
- Your API requests
5. Subprocessors
We may use subprocessors for:
- Hosting
- Databases
- AI providers
All subprocessors are required to comply with GDPR.
6. Security
We implement:
- Access controls
- Encryption where appropriate
- Monitoring and logging
7. Data Subject Rights
We assist you in fulfilling:
- Access requests
- Deletion requests
- Correction requests
8. Data Retention
Data is retained only as long as necessary for service operation.
9. Data Breach
We will notify you without undue delay after becoming aware of a breach.
10. International Transfers
If data is transferred outside the EU, we ensure appropriate safeguards.
11. Contact
Location: Bulgaria