LEGAL

Data Processing Agreement (DPA)

Last updated: May 26, 2026

Section 01

What is a DPA?

A Data Processing Agreement (DPA) is a legal contract between AIFY LLC (the "Processor") and your workspace (the "Controller") that specifies how we handle personal data on your behalf.

This DPA is required by GDPR and forms an addendum to the Terms of Service. If you need a signed DPA, download the PDF and email it to us.

Need an AIFY-signed DPA? Email dpa@translangpro.com — we send within one business day.
Section 02

Definitions

ControllerYou — the party that determines the purposes and means of processing data.
ProcessorAIFY LLC — the party processing data on your behalf.
Sub-processorThird parties (AWS, Polar…) we use to provide the service.
Personal DataAny information that can identify an individual — email, IP, document content containing PII.
Section 03

Scope of processing

Categories of personal data:

  • User account info
  • Content of uploaded documents (may contain PII)
  • Usage metadata — IP, timestamps, user agent

Purpose of processing:

  • Providing document translation
  • Storing source files and translations per retention schedule
  • Customer support
  • Fraud detection, security

Duration: Throughout the lifetime of your workspace, plus 30 days after closure.

Section 04

AIFY's obligations

AIFY (Processor) agrees to:

  • Only process personal data according to the Controller's documented instructions.
  • Ensure that employees with access to personal data are bound by confidentiality.
  • Apply appropriate technical and organizational security measures.
  • Notify the Controller within 72 hours of a data breach.
  • Assist the Controller in responding to data subject requests.
  • Allow the Controller to audit — no more than once every 12 months, with 30 days notice.
  • Delete or return all personal data upon service termination.
Section 05

Sub-processors

AIFY authorizes the following sub-processors:

Sub-processorServiceRegion
Amazon Web ServicesHosting & storageEU (Frankfurt), APAC (Tokyo)
PolarSubscription billing and payment processingUSA
Cloudflare Inc.CDN, DDoS protectionGlobal
PostmarkTransactional emailUS

AIFY will notify the Controller 30 days before adding a new sub-processor.

Section 06

International transfers

Any transfers of personal data outside the EEA are protected by EU Standard Contractual Clauses (SCCs) per European Commission Decision 2021/914.

AIFY has signed SCCs with all sub-processors processing data outside the EEA.

Section 07

Appendix A: Security measures

Encryption

  • AES-256 at-rest
  • TLS 1.3 in transit
  • Encryption keys managed by AWS KMS

Access controls

  • MFA required for all employees
  • Principle of least privilege
  • Audit logs of all actions involving personal data

Operations

  • Daily encrypted backups, retained 35 days
  • Periodic penetration testing
  • SOC 2 Type II audit (planned)
  • Bug bounty program

Incident response

  • 24/7 on-call rotation
  • Data breach notification within 72 hours
  • Public post-mortems for all major incidents
Legal contact
AIFY LLC · 1001 S. Main St., STE 600 · Kalispell, MT 59901 · USA
support@translangpro.com