Data Processing Agreement
Last updated: April 10, 2026
1. Scope
This DPA applies to all personal data processed by Ship Up on behalf of clients through our AI platforms and agent services.
2. Roles
The client is the Data Controller. Ship Up acts as a Data Processor. We process data only according to the client's documented instructions.
3. Sub-Processors
We use the following categories of sub-processors:
- Cloud infrastructure providers (hosting and compute)
- LLM providers (as specified in your project agreement)
- Monitoring and observability tools
Clients are notified 30 days before any new sub-processor is added.
4. Data Retention
Data is retained for the duration of the service agreement. Upon termination, all data is exported to the client and deleted from our systems within 30 days.
5. International Transfers
Data transfers outside the EEA are protected by Standard Contractual Clauses. On-premise deployment eliminates international transfers entirely.
6. Breach Notification
In the event of a data breach, Ship Up will notify the client within 72 hours with full details of the incident, affected data, and remediation steps.
7. Contact
DPA inquiries: [email protected]