Data Processing Agreement (DPA)
1. Purpose and scope
This Data Processing Agreement ("DPA") forms part of the Terms of Service and applies to the processing of personal data by NeuralNet as a processor on behalf of the customer as controller, in accordance with the GDPR and other applicable data protection laws.
In case of conflict between this DPA and the Terms of Service, this DPA governs with respect to data protection obligations. Annex 1 (Processing Details) and Annex 2 (Security Measures) form part of this DPA.
2. Processing instructions
NeuralNet will process personal data only on documented instructions from the controller, including those set out in this DPA and the Terms of Service, unless required by law.
3. Confidentiality
NeuralNet ensures that personnel authorized to process personal data are bound by confidentiality obligations and receive appropriate training.
4. Security measures
NeuralNet will implement appropriate technical and organizational measures as described in Annex 2 to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
5. Subprocessors
NeuralNet may use subprocessors for infrastructure, payment processing, email delivery, monitoring, and support. We maintain a list of subprocessors and provide it upon request. We will notify customers of material changes when required by law.
6. Assistance
NeuralNet will assist the controller with data subject requests and compliance obligations (including DPIAs and prior consultations) to the extent required by law, taking into account the nature of processing and available information.
7. International transfers
Where transfers outside the EEA occur, NeuralNet will use appropriate safeguards such as Standard Contractual Clauses or other approved transfer mechanisms.
8. Audits and compliance
NeuralNet will provide information necessary to demonstrate compliance with this DPA. Audits may be requested by the controller where legally required and subject to reasonable confidentiality, security, and scheduling requirements.
9. Return or deletion
Upon termination of the Services, NeuralNet will delete or return personal data in accordance with the Terms and applicable law, unless retention is required by law.
10. Liability
The liability provisions in the Terms of Service apply to this DPA, unless otherwise required by applicable law.
11. Contact
For DPA questions, contact neuralnetx.ai@gmail.com.
Annex 1: Processing details
| Category | Details |
|---|---|
| Subject matter | Provision of GPU compute Services and related support. |
| Duration | For the term of the Services and any required retention period. |
| Nature of processing | Hosting, processing, storage, transmission, and deletion of data. |
| Purpose | Deliver, secure, bill, and support the Services. |
| Categories of personal data | Account data, billing data, usage data, log data, and customer-provided content. |
| Categories of data subjects | Customers, customer users, and end users of customer applications. |
Annex 2: Security measures
- Encryption in transit and at rest where applicable.
- Access controls, MFA, and least-privilege policies.
- Network segmentation and workload isolation.
- Logging, monitoring, and alerting for anomalous activity.
- Backups and disaster recovery procedures.
- Incident response and breach notification workflows.
- Regular security reviews and vulnerability management.