Data Processing Agreement.
If your compliance team needs a DPA in place before using Partython AI, this page explains what it covers and how to request one.
What a DPA is
A Data Processing Agreement (DPA) is a contract that sets out how a service provider handles personal data on a customer's behalf. If your business is subject to data-protection laws such as the GDPR, a DPA with your vendors is usually a requirement before you can process customer data through their platform.
Our role
When you run AI agents on Partython, the end-user conversation data is processed on your behalf — you are the data controller, and Partython acts as the data processor. Our overall data practices are described in our Privacy Policy; a DPA puts the processor commitments that matter to your compliance team into a single, signable document.
What the DPA covers
The standard DPA addresses the scope and purpose of processing, confidentiality, the security measures we apply, how we handle data-subject requests and data-breach notification, the use of subprocessors, and what happens to data when the agreement ends. It is designed to be read alongside the Terms of Service and the Privacy Policy.
Subprocessors
Delivering the service involves a small set of trusted subprocessors — cloud hosting, payment processors, the AI providers that generate responses, and the messaging platforms. We maintain a published, self-serve subprocessor list (linked below) that names each vendor, what it does, the data it handles and where that data is processed. It is the canonical list referenced by this DPA.
How to request a DPA
Send us a request through the contact form, choosing the "DPA / Data Processing" topic, or email us directly. Let us know your company name and we'll send the agreement for review and signature. We typically respond within two business days.
Related
A DPA is best read alongside our other policies.