Data Processing Addendum

Last updated: 13 May 2026

This Data Processing Addendum ("DPA") supplements the Terms of Service between ASAP RESEARCH LABORATORIES LLC ("Processor") and the Customer ("Controller"). It applies whenever Aitelier processes personal data on the Customer's behalf in connection with the Service.

Roles

The Customer is the controller and Aitelier is the processor for end-caller and end-user data processed through the Customer's projects. Aitelier may engage sub-processors as listed below; new sub-processors will be announced with at least 30 days' notice.

Sub-processors

A live list is maintained at aitelier.org/dpa. As of the effective date it includes: Hetzner Online GmbH, Cloudflare Inc., LiveKit Inc., Twilio Inc., OpenAI OpCo LLC, Anthropic PBC, Google LLC (fallback), LangFuse GmbH, Stripe Payments Europe Ltd, Resend Inc.

Security measures

TLS 1.3 in transit, AES-256 at rest, row-level tenant isolation, least-privilege access, SSO + 2FA for production, structured audit logs, dependency scanning, secret rotation. Full technical and organisational measures (TOMs) are available on request.

International transfers

Where a transfer outside the EEA is necessary, Aitelier relies on the European Commission's Standard Contractual Clauses (Module 2 controller-to-processor; Module 3 processor-to-processor) with supplementary measures.

Data subject requests

Aitelier will assist the Customer in responding to data subject requests within the timeframes required by applicable law, taking into account the nature of the processing.

Breach notification

Aitelier will notify the Customer without undue delay, and in any case within 72 hours, of becoming aware of a personal data breach affecting Customer Personal Data.

Audit

The Customer may audit Aitelier's compliance with this DPA once per year, with at least 30 days' notice, during business hours, and subject to confidentiality.

Termination

On termination of the Service, Aitelier will delete or, at the Customer's written direction, return all Customer Personal Data within 30 days, except where retention is required by law.