Data Processing Agreement (DPA)
1. Purpose and scope
This Data Processing Agreement ("DPA") forms part of the Terms of Service and applies to the processing of personal data by Clodei as a processor on behalf of the customer as controller, in accordance with the GDPR and other applicable data protection laws.
In case of conflict between this DPA and the Terms of Service, this DPA governs with respect to data protection obligations. Annex 1 (Processing Details) and Annex 2 (Security Measures) form part of this DPA.
2. Processing instructions
Clodei will process personal data only on documented instructions from the controller, including those set out in this DPA and the Terms of Service, unless required by law.
3. Confidentiality
Clodei ensures that personnel authorized to process personal data are bound by confidentiality obligations and receive appropriate training.
4. Security measures
Clodei will implement appropriate technical and organizational measures as described in Annex 2 to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
5. Subprocessors
Clodei may use subprocessors for infrastructure, payment processing, email delivery, monitoring, and support. We maintain a list of subprocessors and provide it upon request. We will notify customers of material changes when required by law.
6. Assistance
Clodei will assist the controller with data subject requests and compliance obligations (including DPIAs and prior consultations) to the extent required by law, taking into account the nature of processing and available information.
7. International transfers
Where transfers outside the EEA occur, Clodei will use appropriate safeguards such as Standard Contractual Clauses or other approved transfer mechanisms.
8. Audits and compliance
Clodei will provide information necessary to demonstrate compliance with this DPA. Audits may be requested by the controller where legally required and subject to reasonable confidentiality, security, and scheduling requirements.
9. Return or deletion
Upon termination of the Services, Clodei will delete or return personal data in accordance with the Terms and applicable law, unless retention is required by law.
10. Liability
The liability provisions in the Terms of Service apply to this DPA, unless otherwise required by applicable law.
11. Contact
For DPA questions, contact support@clodei.com.
Annex 1: Processing details
| Category | Details |
|---|---|
| Subject matter | Provision of GPU compute Services and related support. |
| Duration | For the term of the Services and any required retention period. |
| Nature of processing | Hosting, processing, storage, transmission, and deletion of data. |
| Purpose | Deliver, secure, bill, and support the Services. |
| Categories of personal data | Account data, billing data, usage data, log data, and customer-provided content. |
| Categories of data subjects | Customers, customer users, and end users of customer applications. |
Annex 2: Security measures
- Encryption in transit and at rest where applicable.
- Access controls, MFA, and least-privilege policies.
- Network segmentation and workload isolation.
- Logging, monitoring, and alerting for anomalous activity.
- Backups and disaster recovery procedures.
- Incident response and breach notification workflows.
- Regular security reviews and vulnerability management.