This page displays a summary of our Data Processing Agreement. The full DPA is available upon request and within the Klairr application.
Overview
Our DPA governs the processing of personal data by Klairr (Processor) on behalf of the Customer (Controller) in compliance with GDPR Article 28.
Processing Activities
We process personal data for AI query processing, query execution, answer storage, platform operation, and support. Result samples are limited to 20 rows per question.
Sub-Processors
| Sub-Processor | Purpose | Location |
|---|---|---|
| Anthropic, PBC | AI model processing | United States |
| Amazon Web Services | Cloud infrastructure | EU (Frankfurt) |
| MongoDB Atlas | Database hosting | EU |
| Stripe, Inc. | Payment processing | United States / EU |
International Transfers
Transfers to the US (Anthropic, Stripe) are governed by EU Standard Contractual Clauses. UK transfers use the UK IDTA/UK Addendum. Application data remains in the EU.
Security Measures
Encryption at rest and in transit, role-based access control, multi-tenant isolation, read-only query enforcement, audit logging, and credential protection.
Request the Full DPA
For the complete Data Processing Agreement, contact us at legal@klairr.com.