compliance

Data processing agreement(AVV / DPA)

A Data Processing Agreement (DPA) is the legal contract that governs how a provider processes personal data on behalf of the customer — GDPR-mandatory for any AI vendor.

Also known as: Auftragsverarbeitungsvertrag, Data Processing Agreement

In detail

When your employees or customers interact with our AI agent, we process personal data on your behalf. The DPA (GDPR Art. 28) defines:

What is processed (data types, purpose)
How long (retention, deletion)
Where (EU hosting, no third-country transfer without safeguards)
Sub-processors (e.g. AWS Bedrock EU, Anthropic) — all transparently listed
Technical measures (encryption, access)

You get the DPA by default — no markup, no negotiations.

Related terms

Guardrail
A guardrail is a safety layer between user and language model that blocks unwanted inputs or outputs — e.g. PII leaks, prompt injection, or off-topic requests.
AI agent
An AI agent is a program built on a language model that completes tasks on its own: it understands a request, plans steps, calls tools, and responds with a result instead of just text.
Context window
The context window is the maximum amount of text (measured in tokens) a language model can process at once — typically 128k to 1M tokens with current models.