# Strong Compute Data Processing Agreement (DPA) This Data Processing Agreement (“DPA”) is part of the Terms of Service (or another applicable written or electronic agreement) between Strong Compute Services Corporation (“SCS,” “we,” or “our”) and you (“Customer” or “you”). This DPA outlines how we process personal data to provide our services (“Services”) in compliance with applicable laws, including the General Data Protection Regulation (GDPR). *** #### Definitions * Controller: The natural or legal person that determines the purposes and means of processing personal data. * Customer Data: Any data, including personal data, proprietary business information, and other content, that the Customer uploads to or processes using Strong Compute’s Services. Customer Data may include, but is not limited to, personal data as defined under applicable data protection laws. * Processor: SCS, acting on behalf of the Controller, processes personal data in accordance with this DPA. * Sub-processor: Any third-party service provider engaged by SCS to process personal data on behalf of the Controller. * Personal Data: Any information relating to an identified or identifiable natural person. * Data Subject: An individual whose personal data is processed. * Data Transfer: The movement of personal data between entities or jurisdictions. *** #### Scope This DPA applies whenever SCS processes personal data on behalf of the Customer as part of delivering the Services. *** #### Customer Responsibilities 1. Authorization to Process Data: By using our Services, you authorize SCS to process personal data as necessary to provide the Services. 2. Legal Basis for Processing: You are responsible for ensuring you have a legal basis for processing personal data, including obtaining any required consents. 3. Privacy Notices: You must provide all required privacy notices to Data Subjects. 4. Data Subject Requests: You must promptly notify SCS if a Data Subject exercises their rights (e.g., access, correction, deletion) and requires assistance. 5. Compliance with Applicable Laws: You are responsible for ensuring that your use of the Services complies with all applicable data protection laws. *** #### SCS Responsibilities 1. Processing Data: SCS will process Customer Data only as instructed by the Customer, unless required by law. 2. Data Security: SCS will implement and maintain measures to protect Customer Data from loss, unauthorized access, or breaches. 3. Managing Subprocessors: SCS will ensure subprocessors meet the data protection standards of this DPA and notify the Customer of changes at least 7 days in advance, allowing time for objections. 4. Breach Notification: SCS will promptly notify the Customer of any data breaches and provide details to help meet regulatory obligations. 5. Data Subject Rights: SCS will assist the Customer with responding to Data Subject requests (e.g., access, correction, or deletion) as required by law. 6. Compliant Data Transfers: SCS will ensure any data transfers outside applicable jurisdictions comply with legal requirements, including Standard Contractual Clauses. 7. Returning or Deleting Data: SCS will return or delete Customer Data within 30 days of contract termination unless retention is legally required. 8. Confidentiality: SCS will ensure all personnel handling Customer Data are bound by confidentiality obligations. 9. Audits and Documentation: SCS will provide documentation to demonstrate compliance and facilitate audits as required by law. *** #### Data Transfers We may transfer personal data to jurisdictions outside the European Economic Area (EEA) where necessary to provide the Services. Such transfers comply with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) where required. *** #### CCPA Compliance Strong Compute shall not process, retain, use, or disclose Customer Data for any purpose other than as outlined in this DPA and permitted under the California Consumer Privacy Act (CCPA). We do not sell or share personal information as defined under the CCPA. *** #### Return and Deletion of Data 1. Upon termination of the Agreement, we will return or delete all personal data within 30 days unless applicable law requires retention. 2. Data will be returned in a commonly used format if requested. 3. You are responsible for maintaining backups of your data during the term of the Agreement. *** #### Technical and Organizational Measures To ensure the security, confidentiality, and integrity of personal data, SCS implements: * Access Controls: Role-based access, multi-factor authentication, and audit logs. * Incident Response: Defined procedures for managing and mitigating security incidents. * Regular Assessments: Vulnerability scans, penetration testing, and risk assessments. * Training: Security and data protection training for personnel handling personal data. *** **Annexes**\ \ **Annex I: Sub-processor List** | Sub-processor | Purpose | Locations Used | HIPAA Compliant | | --------------------------- | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ----------------------- | | Amazon Web Services (AWS) | Cloud hosting and storage | us-east-1, us-east-2, us-west-1, us-west-2, ap-southeast-2, ap-northeast-1, eu-west-1, eu-north-1 | ✅ Yes | | Google Cloud Platform (GCP) | Cloud hosting and storage | us-central1, us-east1, us-east4, asia-southeast1, asia-south1 | ❌ No | | Microsoft Azure | Cloud hosting and storage | East US, Italy North | ❌ No | | Oracle Cloud | Cloud hosting and storage | us-ashburn-1 | ✅ Yes | | Oblivus | Cloud hosting and storage | MON1 (Canada, Montreal), OSL1 (Norway, Oslo), TXS1 (USA, Texas) | ❌ No | | Fly.io | Application hosting | Global edge locations (region varies) | ❌ No | | Apple iCloud (Notes) | Internal team notes (may contain limited customer info) | US | ❌ No | | Google Workspace | Document storage, customer support notes | US | ❌ No | | Slack | Internal communication (support/account discussions) | US | ❌ No | | Discord | Team communication (limited private channel use) | US | ❌ No | | Stripe | Payment processing | US | ❌ No (no access to PHI) | | HubSpot | Customer relationship management | US | ❌ No | #### Annex II: Data Exporter and Importer Details **A. Parties** | Role | Name | Address | Contact | Activities | | ------------- | -------------------------- | ------------------------------------------------- | ------------------------------ | -------------------------------------------------------------------------------------------------------- | | Data Exporter | Customer | \[To be completed by Customer] | \[To be completed by Customer] | Provides personal data to Strong Compute for processing via AI infrastructure services | | Data Importer | Strong Compute Corporation | 1950 W Corporate Way Suite 69009 Anaheim CA 92801 | | Receives and processes customer data using cloud infrastructure providers to deliver AI compute services | #### B. Description of Transfer | Item | Description | | --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | | Nature of Processing | Customer provides personal data to Strong Compute for AI infrastructure services including compute orchestration, deployment automation, and support | | Categories of Data Subjects | End users of customer workloads, customers’ employees, authorized users | | Categories of Personal Data | Name, email, logs, job metadata, technical identifiers (e.g., IP, usage patterns) | | Sensitive Data | Not expected or permitted unless explicitly configured by customer | | Frequency of Transfer | Continuous, real-time as necessary for service performance | | Retention Period | For the duration of the Agreement unless otherwise specified or required by law | *** **Duration** This DPA remains in effect until all Customer Data is deleted in accordance with its terms. *** #### Amendments and Updates We may update this DPA from time to time to reflect changes in our operations, legal obligations, or industry standards. When we make material changes, we will notify you by posting the revised version on our website and providing advance notice where required. Continued use of our Services after such updates constitutes your acknowledgment of the revised DPA. *** #### Miscellaneous 1. Conflict of Terms: If any terms of this DPA conflict with the Agreement, terms of this DPA will prevail with respect to data protection matters. 2. Governing Law: This DPA is governed by the laws of the State of Delaware.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongcompute.com/gdpr/strong-compute-data-processing-agreement-dpa.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.