DATA PROCESSING ADDENDUM

This Data Processing Addendum ("DPA") forms part of the Terms of Use between DIT.ai ("Service Provider") and the customer ("Customer"). In the event of any conflict between this DPA and the Terms of Use, this DPA shall prevail with respect to data protection matters.

1. Roles of the Parties

The Customer acts as the data controller with respect to Customer Data.

DIT.ai acts as a data processor solely to the extent it processes Customer Data on behalf of the Customer for the provision of the Service.

DIT.ai acts as an independent data controller with respect to:

  • account management and authentication
  • billing, invoicing, and payment processing
  • fraud prevention, abuse monitoring, and security
  • service operations, routing, performance optimization, and infrastructure management
  • system logging, telemetry, and service integrity monitoring

2. Scope of Processing

DIT.ai processes personal data only as necessary to provide API routing, compute services, and related platform functionality.

Processing may include transmission of inputs and outputs to third-party providers. Categories of personal data and data subjects are described in the Privacy Policy.

3. Instructions

DIT.ai processes Customer Data only on documented instructions from the Customer, including as set out in the Terms of Use, except where such processing is necessary to provide, secure, maintain, route, optimize, or ensure service reliability in accordance with the Terms of Use.

4. Subprocessors

Customer authorizes DIT.ai to engage third-party infrastructure vendors, compute providers, and model providers in connection with the Service.

Such providers may act as subprocessors, independent service providers, or independent controllers depending on the nature of the processing and the applicable service arrangement.

DIT.ai will impose appropriate data protection obligations where such providers act as subprocessors.

DIT.ai shall determine the applicable classification in accordance with the nature of the processing and the provider’s role in delivering the Service.

5. Data Transfers

DIT.ai may transfer personal data internationally, including to the United States.

Where required, DIT.ai implements appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

6. Security Measures

DIT.ai implements reasonable technical and organizational measures to protect personal data, taking into account the nature of the processing and the risks involved.

7. Data Subject Rights

DIT.ai will assist Customer in responding to data subject requests to the extent legally required and technically feasible.

8. Data Retention

DIT.ai retains personal data only as necessary to provide services and comply with legal obligations, as further described in the Privacy Policy.

9. Deletion

Upon termination, DIT.ai will delete or return personal data in accordance with Customer instructions, unless retention is required by applicable law or reasonably necessary for:

  • billing and invoicing
  • security and fraud prevention
  • abuse detection and service integrity
  • compliance with legal or regulatory obligations
  • service continuity and operational integrity

10. Liability

Liability under this DPA is subject to the limitations set forth in the Terms of Use, including any exclusions and caps on liability.