Data Processing Addendum

Last Modified: Sep 15, 2025

This Data Processing Addendum ("DPA") forms part of the Agreement between:

  • Customer (the "Data Controller")

  • Confident AI, Inc. (the "Data Processor")

  • Together, the "Parties"

Recitals

  • The Customer acts as a Data Controller.

  • Confident AI provides Application Services that involve the Processing of Personal Data on behalf of the Customer.

  • The Parties seek to implement a data processing agreement that complies with GDPR (Regulation (EU) 2016/679) and other applicable Data Protection Laws.

  • The Parties wish to lay down their respective rights and obligations regarding such Processing.

1. Definitions and Interpretation

  • "Agreement" – this Data Processing Addendum and all Schedules.

  • "Customer Personal Data" – personal data processed by Confident AI on behalf of the Customer.

  • "Subprocessor" – any third party engaged by or on behalf of Confident AI to process Customer Personal Data.

  • "Data Protection Laws" – EU Data Protection Laws and other applicable privacy laws.

  • "EEA" – the European Economic Area.

  • "EU Data Protection Laws" – EU Directive 95/46/EC, as amended or replaced, including the GDPR.

  • "GDPR" – EU General Data Protection Regulation 2016/679.

  • "Data Transfer" means:

    • a transfer of Customer Personal Data from the Customer to Confident AI; or

    • an onward transfer of Customer Personal Data from Confident AI to a Subprocessor, or between two establishments of Confident AI, where such transfer would otherwise be restricted.

  • "Services" – the application, evaluation, monitoring, analytics, and related AI infrastructure services provided by Confident AI.

  • Terms such as "Commission", "Controller", "Data Subject", "Personal Data", "Personal Data Breach", "Processing", and "Supervisory Authority" shall have the same meaning as in the GDPR.

2. Processing of Customer Personal Data

  • Confident AI shall:

    • comply with all applicable Data Protection Laws.

    • only process Customer Personal Data on the Customer’s documented instructions.

  • The Customer instructs Confident AI to process Customer Personal Data as necessary to provide the Services.

3. Personnel

  • Confident AI shall:

    • ensure the reliability of staff with access to Customer Personal Data.

    • restrict access only to those who need it for the Agreement.

    • bind all personnel to confidentiality undertakings or statutory obligations.

4. Security

  • Confident AI shall:

    • implement appropriate technical and organizational measures consistent with Article 32 GDPR.

    • assess risks from Processing, including risks of a Personal Data Breach.

5. Subprocessing

  • Confident AI shall:

    • not appoint or disclose Customer Personal Data to a Subprocessor without authorization.

    • ensure all Subprocessors are bound by equivalent data protection obligations.

6. Data Subject Rights

  • Confident AI shall:

    • assist the Customer in responding to Data Subject requests.

    • promptly notify the Customer if such a request is received.

    • not respond directly except on the Customer’s instructions or where legally required.

7. Personal Data Breach

  • Confident AI shall:

    • notify the Customer without undue delay upon becoming aware of a Personal Data Breach.

    • include sufficient details to enable the Customer to meet reporting obligations.

    • cooperate in investigation, mitigation, and remediation.

8. Data Protection Impact Assessments

  • Confident AI shall provide reasonable assistance with:

    • Data Protection Impact Assessments under GDPR Article 35.

    • Prior consultations with supervisory authorities under GDPR Article 36.

9. Deletion or Return of Customer Personal Data

  • Upon cessation of Services (“Cessation Date”):

    • Confident AI shall delete or return all Customer Personal Data within 10 business days.

    • Confident AI shall provide written certification of deletion within 10 business days of the Cessation Date.

10. Audit Rights

  • Confident AI shall:

    • make available information necessary to demonstrate compliance.

    • allow for and contribute to audits or inspections by the Customer or its auditor.

  • Audit rights apply only where not otherwise covered by the Agreement.

11. Data Transfers

  • Confident AI shall:

    • not transfer Customer Personal Data outside the EU/EEA without prior written consent.

    • rely on Standard Contractual Clauses (SCCs) or other lawful mechanisms where transfers occur.

12. General Terms

  • Confidentiality:

    • Each Party shall keep Confidential Information secure.

    • Disclosure is permitted only if required by law or if the information is already public.

  • Notices:

    • Must be in writing.

    • Delivered personally, by post, or by email to the addresses provided by the Parties.

13. Governing Law and Jurisdiction

  • This DPA is governed by the laws of the State of California.

  • Disputes shall be handled exclusively by the state and federal courts in San Francisco, California.