Data Processing Addendum (DPA)
Effective Date: May 3, 2026 · Last Updated: May 3, 2026
Overview
This page provides information about the Data Processing Addendum (DPA) available to ProcessAIQ business customers, including those with obligations under the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA), and similar U.S. state privacy laws.
Availability
A formal DPA is available to ProcessAIQ business customers on request. The DPA covers:
- Roles and responsibilities of ProcessAIQ as a processor and you as a controller (or other applicable role under your jurisdiction's law)
- Confidentiality obligations
- Security measures and incident notification procedures
- Use of subprocessors and the current subprocessor list
- Data subject rights and how requests are handled
- International data transfer mechanisms (e.g., EU Standard Contractual Clauses) where applicable
- Audit rights and termination provisions
To request a copy of the DPA, please email hello@processaiq.ai with:
- Your organization name
- The email address you use for ProcessAIQ
- A brief description of the data processing concern (e.g., "GDPR compliance for EU employees" or "CCPA vendor list requirement")
We aim to respond within 5 business days. Most standard DPA requests are processed without modification. Material redlines or custom terms may require additional review time.
Subprocessors
ProcessAIQ uses the following subprocessors to deliver the Service. This list is current as of the Last Updated date above and may change as the Service evolves. Material changes will be communicated to customers under an active DPA in advance.
| Subprocessor | Purpose | Location |
|---|---|---|
| Anthropic | AI processing engine (Claude API) for report generation | United States |
| Supabase | Database hosting and user authentication | United States |
| Stripe | Payment processing | United States |
| Vercel | Application hosting and deployment | United States |
| Cloudflare | DNS, domain management, and security services | United States (global edge network) |
| Resend | Transactional email delivery (sign-in codes, account communications) | United States |
Data We Process
For details on what personal data ProcessAIQ collects, how it is used, retention periods, and your rights, please see our Privacy Policy.
Security
ProcessAIQ implements technical and organizational measures appropriate to the risk, including:
- Encryption of data in transit (TLS) and at rest
- Access controls, authentication, and least-privilege principles for internal access
- Logging and monitoring of system activity
- Use of subprocessors that are themselves security-attested (e.g., Stripe is PCI DSS Level 1; major cloud providers maintain SOC 2)
A more detailed security overview is available in our DPA package upon request.
International Data Transfers
ProcessAIQ is based in the United States. If you are located outside the U.S., your data is transferred to and processed in the U.S. For customers requiring contractual safeguards for cross-border transfers (e.g., EU Standard Contractual Clauses, UK International Data Transfer Addendum), these are included in our DPA.
Contact
For DPA requests, subprocessor inquiries, or data-protection questions:
J & J Howard Enterprises LLC dba ProcessAIQ
Goodyear, Arizona, USA
Email: hello@processaiq.ai
Website: processaiq.ai