Data Processing Agreement (DPA)
Processing agreement under Art. 28 GDPR, applicable when the Customer processes third-party personal data via Orizen. This English version is a courtesy translation; the French version prevails.
Dernière mise à jour : 22 May 2026
This DPA forms part of the Terms between the Customer (« Controller ») and Rémy Magne (sole trader) (« Processor », the « Publisher »).
1. Roles of the parties
The Customer is the controller; the Publisher is the processor (Art. 4 and 28 GDPR).
2. Subject, duration, nature, purpose
- Subject: data processing to deliver Orizen.
- Duration: subscription term + reversibility.
- Nature/purpose: hosting, storage, organisation, access, AI analysis.
3. Data and data subjects
Determined by the Customer (identification, contact, business and commercial data, content). Data subjects: the Customer's clients, prospects, employees, partners. No special-category data (Art. 9) without a legal basis and prior notice.
4. Publisher's obligations
- Process only on the Customer's documented instructions.
- Confidentiality; access limited to authorised personnel.
- Security measures (Art. 32): encryption, isolation, access control, logging.
- Assistance with data-subject requests (Art. 12–22) and obligations (Art. 32–36).
- Breach notification without undue delay.
- Deletion or return of data at the end of the engagement.
- Provision of information and reasonable audit rights.
5. Subprocessors
Authorised: Clerk, Stripe, Supabase, Vercel, Resend, Groq, Mistral, Google (Gemini). Prior notice of changes.
6. Transfers outside the EU
Appropriate safeguards (Standard Contractual Clauses and/or Data Privacy Framework).
7. Liability
Each party is liable under Art. 82. The Terms' limitations apply within the limits of the law.
8. Acceptance
Acceptance of the Terms constitutes acceptance of this DPA. Signed copy on request: contact@orizen.cloud.