Delfhos Logo

Data Processing Agreement (DPA)

Effective Date: May 22, 2025

Part of: the Terms of Service between the Customer ("Controller") and David Serrano Díaz, acting under the trade name "Delfhos" ("Processor").

  1. Subject Matter and Scope

    This Data Processing Agreement ("Agreement") governs the processing of personal data by Delfhos on behalf of the Customer in connection with the provision of the Delfhos software-as-a-service platform, including but not limited to database querying, CRM access, ERP integrations, and AI-assisted business data operations (the "Service").

  2. Roles and Responsibilities
    • The Customer acts as the Data Controller, determining the purpose and means of the data processing.
    • Delfhos, operated by David Serrano Díaz (NIF: 03226056F), acts as the Data Processor.
    • Both parties agree to comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
  3. Nature and Purpose of Processing
    • Purpose: To process user-generated requests and provide AI-assisted responses based on the Customer's business systems and connected data sources.
    • Nature of Processing: Real-time access to, and processing of, structured and unstructured business data across various integrated platforms (e.g., databases, CRMs, ERPs, messaging tools).
    • Duration: Processing occurs on demand and is limited to the active session.
    • Types of Personal Data: May include names, emails, customer details, employee records, sales, financial or operational data, depending on connected systems.
    • Categories of Data Subjects: Data subjects may include the Customer's employees, clients, users, suppliers, or other stakeholders as determined by the Controller.
  4. Data Handling and Security

    Delfhos implements the following data protection measures:

    • End-to-end encryption of all connection credentials using Fernet or equivalent industry-standard encryption.
    • No persistent storage of credentials, business data, or result sets. Access occurs only in real time, when explicitly triggered by the user.
    • Temporary session logs: Delfhos logs user-issued queries (in natural language) during the session to enable usability features (e.g., download history). These logs:
      • Do not include response data or any retrieved business content.
      • Are automatically discarded when the browser session ends.
    • All data in transit is protected using secure protocols (HTTPS/TLS).
    • Internal access is restricted to authorized personnel only and protected by role-based access controls.
  5. Sub-processors

    The following third-party services are used in the delivery of the Service:

    • Vercel Inc. – Application hosting and serverless infrastructure (EU region)
    • Stripe Inc. – Payment and billing platform

    Each sub-processor is bound by contractual obligations ensuring data protection equivalent to those under this Agreement and Article 28 of the GDPR.

  6. Assistance with Data Subject Rights

    Delfhos will provide reasonable assistance to the Customer in responding to requests from data subjects exercising their rights under the GDPR, including access, rectification, erasure, portability, and restriction of processing, where technically feasible.

  7. Personal Data Breaches

    In the event of a data breach affecting personal data processed under this Agreement, Delfhos will notify the Customer without undue delay and provide relevant details to support compliance with Articles 33 and 34 of the GDPR.

  8. Confidentiality

    All personal data is treated as confidential. Delfhos ensures that its personnel and subprocessors are subject to confidentiality obligations and receive appropriate training on data protection.

  9. Return or Deletion of Data

    Upon termination of the Service or at the Customer's written request, Delfhos will ensure the deletion or anonymization of all personal data processed on behalf of the Customer, unless retention is required by applicable law.

  10. Governing Law and Jurisdiction

    This Agreement shall be governed by and interpreted in accordance with the laws of Spain. Any disputes arising shall be subject to the exclusive jurisdiction of the courts of Madrid, Spain.

  11. Acceptance and Incorporation

    This Agreement is incorporated by reference into and forms part of the Delfhos Terms of Service and is accepted upon use of the Service.