Draft — pending legal review

This document is a template provided for convenience and does not constitute legal advice. It has not yet been reviewed by counsel and may change before it becomes binding.

Data Processing Agreement

This Data Processing Agreement (“DPA”) supplements the Asenta Terms of Service and describes how Asenta processes Customer Content containing personal data on behalf of a customer. It is a draft for the customer's and Asenta's counsel to review before execution — not legal advice.

Effective
July 1, 2026
Last updated
July 1, 2026

0. Draft status

This DPA is a draft. It is provided as a starting point so a customer and their counsel can review Asenta’s processing activities and controls. It is not legal advice, is not yet executed, and does not bind either party until signed by both parties as an addendum to the Terms of Service. Where this DPA and the Terms conflict as to the processing of personal data, this DPA controls.

1. Parties and roles

This DPA is between the customer entity that has agreed to the Terms of Service (“Customer”, the “Controller”) and Asenta (“Processor”). Customer determines the purposes and means of processing the personal data contained in its Customer Content — for example, by choosing what AI-generated output to submit for review and what oversight rules to configure. Asenta processes that personal data only as a processor, on Customer’s documented instructions, to provide the Service described in the Terms.

This DPA does not apply to Asenta’s own account, billing, and operational data, for which Asenta acts as an independent controller as described in the Privacy Policy.

2. Subject-matter and scope of processing

Asenta is a human-approval and audit layer that sits between Customer’s AI pipeline and the real-world action its output triggers. The subject-matter of processing is the Customer Content Customer submits to the Service: AI-generated output, associated metadata, reviewer edits, comments, approval/rejection/regeneration decisions, and any assets Customer or its reviewers upload. This content may contain personal data about Customer’s own end users, employees, or other data subjects, depending on what Customer chooses to submit.

  • Nature and purpose of processing — hosting, storing, routing for review, recording decisions to an audit trail, and delivering signed webhooks so Customer’s systems can act on approved output.
  • Duration of processing — for the term of the Terms of Service, and thereafter only as needed to fulfill Customer’s retention settings or legal obligations (see Section 9).
  • Categories of data subjects — determined by Customer; typically the end users, customers, or counterparties referenced in Customer Content, and Customer’s own personnel who act as reviewers.
  • Categories of personal data — determined by Customer’s submissions; may include names, contact details, or other personal data embedded in AI-generated text or assets. Asenta does not request or require any particular category and has no visibility into Customer Content until Customer submits it.

3. Processor obligations

  • Instructions. Asenta will process Customer Content only on Customer’s documented instructions — as embodied in the Terms, this DPA, and Customer’s configuration of the Service (oversight rules, retention settings, webhook endpoints) — unless required to do otherwise by law, in which case Asenta will inform Customer of that legal requirement first, unless the law prohibits this.
  • Confidentiality. Asenta restricts access to Customer Content to personnel and contractors who need it to operate the Service, and who are bound by confidentiality obligations.
  • No unauthorized use. Asenta does not sell Customer Content and does not use it to train Asenta’s own or any third party’s models. Asenta’s learning-loop feature operates entirely within Customer’s own organization: reviewer edits are surfaced back only to that same organization as style rules and examples, retrieved through Customer’s own feedback API calls.
  • Sub-processors. Asenta will only engage sub-processors under a written agreement imposing data-protection obligations materially equivalent to those in this DPA, and remains responsible for each sub-processor’s performance, as described in Section 5.
  • Assistance. Asenta will provide reasonable assistance to Customer in responding to data-subject requests and regulator inquiries, and in meeting Customer’s obligations regarding security, breach notification, and data protection impact assessments, to the extent these relate to Asenta’s processing and the information is reasonably available to Asenta.

4. Security measures

Asenta implements the following technical and organizational measures to protect Customer Content. These are the controls Asenta actually operates today, not aspirational commitments:

  • Tenant isolation. Customer Content is scoped by organization and enforced with Postgres row-level security (RLS) policies, so one customer’s data is not visible to another’s queries at the database layer.
  • Signed webhooks. Outbound webhook deliveries are HMAC-signed per organization with a unique signing secret, so Customer’s systems can verify that a delivery genuinely originated from Asenta and was not tampered with in transit.
  • Append-only, hash-chained audit trail. Review decisions are recorded to an append-only ledger where each row is cryptographically linked to the prior row (a hash chain), so the decision history cannot be silently altered or reordered after the fact, and any tampering is independently detectable.
  • Encryption in transit. All access to the Service occurs over TLS.
  • Access controls. Access to the dashboard and APIs is authenticated, role-scoped within each organization (for example, admin, reviewer, viewer), and API keys are stored only as hashes, never in plaintext.

No security program eliminates all risk. Asenta will notify Customer of a confirmed security incident affecting Customer Content in accordance with Section 7.

5. Sub-processors

Customer authorizes Asenta to engage the following sub-processors to provide the Service. Each is listed with its purpose and the categories of data it may process:

  • Supabase — database hosting, authentication, and file/object storage. Processes account and organization data, Customer Content (queue items, decisions, comments, uploaded assets), and the audit trail; this is where data is stored at rest.
  • Resend — transactional and notification email delivery. Processes recipient email addresses and the content of review-notification and account emails (which may reference Customer Content, for example an item summary in a notification).
  • Vercel — application hosting, serverless compute, and edge/CDN delivery for the dashboard and APIs. Processes requests and responses in transit, including Customer Content, as it is served to and from the Service.

Asenta will provide reasonable advance notice before adding or replacing a sub-processor that will process Customer Content. Customers may subscribe to change notifications in the dashboard to be informed when this list changes. If Customer objects to a new sub-processor on reasonable data-protection grounds, the parties will discuss a resolution; if none is reached, Customer’s remedy is to terminate the affected Service in accordance with the Terms.

6. Assistance with data-subject rights

Because Asenta processes Customer Content solely as a processor, requests from data subjects (access, correction, deletion, portability) about that content should be directed to Customer as the controller. Asenta will assist Customer in fulfilling such requests using the Service’s built-in tools:

  • Export. Customer can export a data subject’s records within an organization (decisions, approvals, comments, mentions, and notifications) as a structured JSON or CSV bundle to respond to access or portability requests.
  • Erasure. Customer can trigger anonymize-in-place erasure for a subject, which redacts the subject’s identifying fields (name, email, free-text comment bodies) while preserving the append-only, hash-chained decision record required for audit integrity. Erasure is idempotent and does not delete the underlying decision row, only the personal data attached to it.
  • Retention. Customer can configure a retention window (in days) after which the content of terminal (approved/rejected) queue items is automatically purged by a scheduled job, while the row and its hash-chained decision are preserved.

7. Personal data breach notification

Asenta will notify Customer without undue delay after becoming aware of a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Content transmitted, stored, or otherwise processed by Asenta. The notification will describe, to the extent then known, the nature of the incident, the categories and approximate number of data subjects and records affected, and the measures taken or proposed to address it. Asenta will reasonably cooperate with Customer’s own investigation and any notification obligations Customer has to data subjects or regulators.

8. Audit and inspection

On reasonable prior written notice, and no more than once per year absent a confirmed security incident or a legal or regulatory requirement, Asenta will make available to Customer information reasonably necessary to demonstrate compliance with this DPA, including responding to a written questionnaire regarding the security measures described in Section 4. Any on-site or third-party audit will be conducted during normal business hours, at Customer’s expense, subject to reasonable confidentiality restrictions, and without disrupting Asenta’s operations or other customers’ data.

9. Return and deletion of data on termination

On termination of the Terms, Asenta will make Customer Content available for export for a reasonable period, then delete or anonymize it in accordance with Asenta’s data-retention practices, except to the extent retention is required by law. Customer may also delete a workspace or its own account at any time from the dashboard, which soft-deletes the organization’s content (workspace deletion) or anonymizes the account’s identifying data (account deletion) going forward; the append-only, hash-chained audit trail is preserved as described in Section 4 unless and until it, too, is deleted under Asenta’s retention practices.

10. International data transfers

Asenta’s sub-processors (Section 5) may process Customer Content in countries other than Customer’s own. Where such a transfer requires a safeguard under applicable data-protection law, the parties will rely on an appropriate transfer mechanism (for example, Standard Contractual Clauses or an equivalent successor framework). [Specific transfer mechanism and any required annex to be finalized in legal review.]

11. Liability

Each party’s liability arising out of or related to this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service, which apply in aggregate across the Terms and this DPA and do not reset separately for this DPA.

12. Governing law and term

This DPA is governed by the same governing law as the Terms of Service and remains in effect for as long as Asenta processes Customer Content on Customer’s behalf under the Terms. [Governing-law jurisdiction to be finalized in legal review, consistent with the Terms.]

13. Contact

Questions about this DPA, sub-processor change notifications, or data-subject requests can be sent to support@asenta.app.