Data Processing Agreement
This Data Protection Agreement (“DPA”) forms part of and is subject to the applicable terms of the main Subscription Agreement (hereinafter the “Agreement”) between Renaiss AI Solutions, S.L. (“Renaiss”) and Customer.
1. Subject Matter & Term
1.1. This DPA governs the processing of Personal Data by Renaiss on behalf of Customer in connection with Customer’s use of the Services.
1.2. It remains in effect for the duration of the Agreement.
2. Roles of the Parties
2.1. Customer acts as the Data Controller.
2.2. Renaiss acts as the Data Processor, processing Personal Data solely on behalf of and in accordance with Customer’s instructions.
3. Nature and Purpose of Processing
3.1. Purpose: To provide AI infrastructure services, including workload execution, document analysis, data querying, and related functions without limitation and as defined in the Platform.
3.2. Processing operations: Storage, access, querying, transformation, retrieval, transmission, and deletion of data.
3.3. Duration: For as long as Customer uses the RenForce platform.
4. Categories of Data Subjects & Personal Data
4.1. The specific nature of the processing and types of personal data will depend on the workloads defined by Customer.
4.2. Customer agrees to only provide accurate and complete information that is up to date.
5. Processor Obligations
5.1. Renaiss shall:
5.1.1. Process data only on documented instructions from Customer;
5.1.2. Ensure persons authorized to process data are bound by confidentiality;
5.1.3. Implement appropriate technical and organizational measures to ensure data security;
5.1.4. Assist Customer in responding to requests from Data Subjects (i.e., access, erasure);
5.1.5. Assist with data protection impact assessments (“DPIAs”);
5.1.6. Upon termination, delete or return all personal data as directed by Customer;
5.1.7. Maintain records of processing activities; and
5.1.8. Promptly notify Customer in case of a personal data breach.
6. Subprocessors
6.1. Customer authorizes Renaiss to engage the subprocessors listed herein.
6.2. Renaiss shall ensure subprocessors are contractually bound by data protection terms at least as protective as those in this DPA.
6.3. Renaiss shall notify Customer of any intended changes to subprocessors. Customer may object in writing within 10 days.
7. Transfers Outside the EEA
7.1. If any processing involves the transfer of personal data to a third country not recognized as offering an adequate level of protection, Renaiss shall ensure appropriate safeguards (i.e., Standard Contractual Clauses or other mechanisms approved under Article 46 GDPR).
8. Audits and Inspections
8.1. Upon reasonable request and subject to confidentiality, Customer may audit Renaiss’s compliance with this DPA once per year or after a confirmed breach.
8.2. Audits may be conducted by Customer or a third party bound by confidentiality obligations.
9. Security Measures
9.1. Renaiss implements measures appropriate to the risk, including:
9.1.1. Data encryption in transit and at rest.
9.1.2. Access control and role-based permissions.
9.1.3. Regular vulnerability assessments.
9.1.4. Logical data separation Customer.
9.1.5. Activity logging and monitoring.
9.1.6. Detailed documentation may be provided upon request.
10. Liability
10.1. Renaiss’s liability under this DPA is subject to the limitations and exclusions set out in the Agreement.
11. Miscellaneous
11.1. In the event of a conflict between this DPA and other documents, the DPA prevails in matters related to personal data processing.
11.2. This DPA is governed by the laws of Spain, and disputes shall be submitted to the courts of Madrid unless otherwise agreed.
SUBPROCESSORS LIST
Effective Date: April 14th, 2025
Renaiss AI Solutions, S.L. engages a carefully selected set of third-party service providers (the “Subprocessors”) to process personal data on behalf of Customer.
This page lists our current subprocessors, as required by Article 28 of the GDPR.
1. Current Subprocessors
● Amazon Web Services (AWS)
○ Location: Ireland (EU)
○ Purpose: Cloud infrastructure and data hosting
○ Data Access: Yes
○ Transfer Mechanism: Intra-EU (no transfer)
● Google Cloud Platform (GCP)
○ Location: Belgium (EU)
○ Purpose: Cloud infrastructure and data hosting
○ Data Access: Yes
○ Transfer Mechanism: Intra-EU (no transfer)
● Stripe, Inc.
○ Location: United States
○ Purpose: Payment processing
○ Data Access: Billing metadata only
○ Transfer Mechanism: Standard Contractual Clauses (SCCs)
● Sentry.io
○ Location: United States
○ Purpose: Error monitoring & logging (anonymized)
○ Data Access: Limited (pseudonymized)
○ Transfer Mechanism: Standard Contractual Clauses (SCCs)
● Google Analytics
○ Location: United States
○ Purpose: Payment processing
○ Data Access: Billing metadata only
○ Transfer Mechanism: Standard Contractual Clauses (SCCs)
2. Subprocessor Commitments
All subprocessors are contractually bound by terms that:
● Require processing only on Renaiss instructions;
● Mandate compliance with applicable data protection laws;
● Include confidentiality obligations;
● Impose security measures aligned with GDPR standards.
3. Change Management & Objection Rights
Renaiss may engage new subprocessors or make changes to this list. Customer will be notified at least 10 business days in advance of any intended changes.
Customer may object to a new Subprocessor by submitting a written objection to legal@renaiss.ai within the 10-day period, providing reasonable grounds relating to data protection concerns. Renaiss will work in good faith to address such concerns.
For more information or to subscribe to subprocessor updates, please contact: legal@renaiss.ai