título

Este Dados Processing Agreement ("DPA") forms part of o/a Termos of Serviço between RouterShift ("Processor" or "we") and o/a customer ("Controller" or "you"). Este DPA governs o/a processing of Pessoal Dados that você provide para us through seu/sua use of o/a RouterShift API gateway and related serviços (the "Services"). Este DPA applies where and para o/a extent that RouterShift processes Pessoal Dados ativado seu/sua behalf as a Processor, and where o/a GDPR, UK GDPR, CCPA, or outro applicable dados protection laws apply.

"Personal Data" means any information relating para an identified or identifiable natural person processed by RouterShift ativado seu/sua behalf in conexão with o/a Services. "Processing" means any operação performed ativado Pessoal Data, whether or not by automated means. "Sub-processor" means any third-party engaged by RouterShift para process Pessoal Dados ativado seu/sua behalf. "Data Protection Laws" means todos applicable privacy and dados protection laws, including o/a GDPR, UK GDPR, CCPA, and their implementing regulations. Capitalized termos not defined in este DPA have o/a meanings given in o/a Termos of Service.

RouterShift processes Pessoal Dados solely for o/a purpose of providing, maintaining, and improving o/a API gateway services. Processing activities include: (a) roteamento API requisições para third-party AI modelo provedores as directed by you; (b) logging API requisições for debugging, billing, and abuse prevention; (c) generating uso analytics and billing records; (d) authenticating API chaves and managing usuário accounts. O/a categories of Pessoal Dados processed depend ativado seu/sua use of o/a Serviços and may include: API requisição payloads (which may contain pessoal dados embedded in prompts), API chave identifiers, e-mail addresses (for account management), IP addresses (for taxa limiting and security), and pagamento information (processed by our pagamento processor, not stored by us).

As o/a Controller, você are responsible for: (a) determining o/a purposes and means of processing Pessoal Dados through o/a Services; (b) ensuring você have a lawful basis for processing any Pessoal Dados você enviar para o/a Services, including obtaining necessary consents; (c) providing appropriate notice para dados subjects about seu/sua use of RouterShift as a processor; (d) not submitting special categories of pessoal dados (as defined in GDPR Article 9) or dados relating para criminal convictions unless explicitly agreed in writing; (e) complying with seu/sua own obligations under applicable Dados Protection Laws, including dados subject rights requests.

RouterShift shall: (a) process Pessoal Dados only ativado seu/sua documented instructions, including those in este DPA and o/a Termos of Service; (b) ensure that persons authorized para process Pessoal Dados are bound by confidentiality obligations; (c) implement and maintain appropriate technical and organizational measures as described in Seção 6 of our Privacy Política (Security Measures); (d) assist você in responding para dados subject rights requisições where possible, forward any such requisições we receive directly para você promptly; (e) assist você in complying with seu/sua obligations regarding dados breach notification, dados protection impact assessments, and prior consultation with supervisory authorities, taking into account o/a nature of processing and information disponível para us; (f) excluir or return todos Pessoal Dados para você upon termination of o/a Services, except where retention is obrigatório by applicable law; (g) make disponível para você todos information necessary para demonstrate compliance with este DPA and allow for and contribute para audits, including inspections, conducted by você or an independent auditor mandated by você (subject para reasonable notice, escopo limitations, and confidentiality).

Você authorize RouterShift para engage o/a following categories of sub-processors: (a) cloud infrastructure provedores (for hosting and compute); (b) third-party AI modelo provedores (to whom API requisições are routed as part of o/a Services); (c) pagamento processors (for billing and payments); (d) e-mail serviço provedores (for transactional emails); (e) monitoring and analytics providers. A atual lista of sub-processors is disponível at routershift.com/subprocessors. RouterShift will inform você of any intended changes para sub-processors by updating este list. Você may object para a novo sub-processor within 14 dias of notificação by terminating o/a Services. RouterShift enters into written agreements with todos sub-processors containing dados protection obligations não less protective than those in este DPA. RouterShift remains liable for o/a acts and omissions of its sub-processors.

Pessoal Dados may be transferido para and processed in countries outside o/a European Economic Area (EEA), o/a United Kingdom, or seu/sua country of residence. Where such transfers occur, they are governed by: (a) Padrão Contractual Clauses (SCCs) aprovado by o/a European Comissão (Commission Implementing Decision 2021/914/EU for transfers para third countries); (b) o/a UK International Dados Transferir Addendum para o/a EU SCCs, where UK GDPR applies; and/or (c) outro válido transferir mechanisms recognized under applicable Dados Protection Laws. O/a SCCs are incorporated by reference into este DPA. For o/a purposes of o/a SCCs: Module Two (Controller para Processor) applies; o/a optional docking clause is included; o/a governing law is Ireland; and disputes shall be resolved by o/a courts of Ireland.

RouterShift retains Pessoal Dados as follows: (a) API requisição logs (including prompts and responses) for 90 days, after which they are aggregated or deleted; (b) billing and pagamento registros for o/a período obrigatório by applicable tax and accounting regulations (typically 7 years); (c) account information for o/a duration of seu/sua account plus 30 dias after account deletion, after which it is anonymized or deleted. Upon termination, RouterShift will excluir todos Pessoal Dados within 30 days, except where retention is obrigatório by law. Você may requisição earlier deletion of specific Pessoal Dados by contacting privacy@routershift.com. Deletion does not apply para dados that has been aggregated, anonymized, or is necessary for o/a establishment, exercise, or defense of legal claims.

RouterShift maintains a segurança incident resposta plan. In o/a event of a Pessoal Dados Breach, RouterShift shall: (a) notify você without undue delay, and in any event within 72 horas of becoming aware of o/a breach; (b) provide você with a descrição of o/a nature of o/a breach, o/a categories and approximate number of dados subjects and registros concerned, o/a likely consequences, and o/a measures taken or proposed para address o/a breach; (c) cooperate with você in investigating and mitigating o/a breach; (d) assist você in notifying supervisory authorities and dados subjects where required. Notificação will be enviado para o/a e-mail address associated with seu/sua account. Você are responsible for keeping este contato information current.

Este DPA enters into effect ativado o/a data você accept o/a Termos of Serviço and continues until termination of seu/sua account or termination of o/a DPA in accordance with its terms. Either party may terminate este DPA with immediate effect if o/a outro party commits a material breach that is not remedied within 30 dias of written notice. Upon termination, RouterShift shall, at seu/sua choice, excluir or return todos Pessoal Dados para you, and excluir todos existing copies unless retention is obrigatório by applicable law. O/a obligations in este DPA that by their nature should survive termination shall survive, including confidentiality, dados security, and limitation of liability provisions.