Data Processing Agreement (DPA) – Converd
Last updated: April 10, 2026
1. Subject Matter
This DPA governs processing of personal data by Converd on behalf of the Customer.
It applies to the Converd platform made available at https://converd.app.
2. Roles
Customer = Controller
Converd = Processor (for widget data)
For internal platform data (accounts, billing), Converd acts as Controller.
3. Processing
Processing includes:
- storing chat data
- processing AI requests
- managing sessions
- analytics within the application (non-tracking, operational only)
4. Instructions
Processing occurs only on documented instructions of the Controller.
5. Subprocessors
- Supabase
- Vercel
- Stripe
- Cloudflare
- Bunny.net
- OpenAI
All subprocessors comply with Art. 28 GDPR.
6. International Transfers
Transfers outside the EU are based on Standard Contractual Clauses (SCCs).
7. Security
We apply:
- encryption in transit
- access controls
- monitoring and authentication systems
8. Assistance
We assist the Controller with:
- data subject requests
- compliance obligations
- security incidents
9. Deletion
Data is deleted after termination unless retention is required by law.
10. OpenAI Usage
Data processed via OpenAI APIs is not used to train AI models.
