ozeye

Data Processing Agreement

GDPR-compliant DPA for ozeye customers.

Why you might need a DPA

If you use ozeye to process personal data on behalf of your own customers or users, GDPR Article 28 requires a written Data Processing Agreement (DPA) between your company (the controller) and ozeye (the processor). This is non-negotiable under EU law for any business that handles personal data through our API.

If you are an individual developer experimenting with the API on your own data, a DPA is not legally required. Our Terms of Service cover your use of the platform.

What’s in our DPA

Our DPA template includes all mandatory GDPR Art. 28 clauses:

  • Subject matter, duration, nature, and purpose of processing
  • Types of personal data and categories of data subjects
  • Controller and processor rights and obligations
  • Subprocessor list (see our Subprocessors page) and notification terms for changes
  • Technical and organizational security measures (TOMs)
  • Personal data breach notification procedure (72-hour window per Art. 33)
  • Data subject rights assistance obligations
  • Return or deletion of data on contract termination
  • Audit and inspection rights
  • Liability and indemnification
  • Governing law: Dutch law, courts of Amsterdam

Key facts about processing at ozeye

  • Zero data retention on prompt and completion content. The content of your AI requests is never stored.
  • EU-only subprocessors. Mistral AI (FR), Scaleway (FR), OVHcloud (FR), Hetzner (DE), Mollie (NL).
  • No international transfers. All data stays in the EU/EEA. No SCCs required.
  • Encrypted at rest (Hetzner), TLS 1.3 in transit.
  • Breach notification within 72 hours per GDPR Art. 33.

How to request a DPA

Email privacy@ozeye.ai with the following information:

  • Your company legal name and registration number
  • Registered address
  • EU VAT number (if applicable)
  • Signatory contact (name, email, role)
  • ozeye account email (if you already have one)

We will send you a DPA pre-filled with your details within 5 business days. You can sign it electronically (we accept DocuSign, Scrive, or a simple signed PDF exchange), and we countersign within 2 business days.

Status: Pre-launch

ozeye B.V. is currently being incorporated as a Dutch private limited company. DPA execution will become available immediately once incorporation is complete. If you need a DPA urgently, email us and we’ll put you on the notification list.

Self-hosting (coming soon)

We are working on a fully self-hostable version of ozeye that you can deploy on your own infrastructure. With a self-hosted deployment, you act as both the controller and the processor, so a DPA with ozeye would not be required.

If self-hosting is important for your use case, contact us at hello@ozeye.ai to discuss your requirements and timeline.

Contact

For DPA requests, sub-processor questions, or general privacy inquiries: privacy@ozeye.ai