Saturiq logoSaturiq
Back to home
Legal

Data Processing Agreement

The DPA governing Saturiq's processing of personal data on behalf of customers, in accordance with the GDPR.

Last updated: May 28, 2026

This Data Processing Agreement ("DPA") forms part of the agreement between you (the "Controller") and Incodea Ltd. operating Saturiq (the "Processor") for the processing of personal data on the Controller's behalf in connection with the Service.

1. Definitions

Terms not defined here have the meaning given to them in the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR").

2. Subject matter and duration

The Processor processes personal data on behalf of the Controller solely for the purpose of providing the Service, for the duration of the underlying agreement.

3. Nature and purpose of processing

  • Provisioning and operation of the Service.
  • Generation of AI-based analyses requested by the Controller.
  • Support, troubleshooting, and platform improvement.

4. Categories of data subjects

  • Controller's authorized users.
  • Visitors and end users whose data the Controller submits to the Service.

5. Categories of personal data

  • Contact details (such as name and email).
  • Account and usage metadata.
  • Content submitted by the Controller for analysis.

6. Processor obligations

  • Process personal data only on documented instructions from the Controller.
  • Ensure persons authorized to process the data are bound by confidentiality.
  • Implement appropriate technical and organisational measures as described in our Security page.
  • Assist the Controller in meeting GDPR obligations regarding security, breach notification, DPIAs, and data-subject rights.
  • Delete or return personal data at the end of the provision of services, unless legally required to retain it.

7. Sub-processors

The Controller provides a general authorization for the Processor to engage sub-processors required to deliver the Service. A current list of sub-processors is available upon request. The Processor remains liable for the acts and omissions of sub-processors.

8. International transfers

Where personal data is transferred outside the EU/EEA, the Processor relies on Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission.

9. Security measures

The Processor maintains administrative, technical, and physical safeguards designed to protect personal data, as further described in the Security page.

10. Personal data breach

The Processor will notify the Controller without undue delay after becoming aware of a personal data breach affecting Controller data, and will provide information reasonably needed for the Controller to comply with its notification obligations.

11. Audits

Upon reasonable written request, the Processor will make available information necessary to demonstrate compliance with this DPA, subject to confidentiality obligations.

12. Contact

DPA-related requests should be sent to dpa@saturiq.com.