Strong Compute Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) is part of the Terms of Service (or another applicable written or electronic agreement) between Strong Compute Services Corporation (“SCS,” “we,” or “our”) and you (“Customer” or “you”). This DPA outlines how we process personal data to provide our services (“Services”) in compliance with applicable laws, including the General Data Protection Regulation (GDPR).

Definitions

  • Controller: The natural or legal person that determines the purposes and means of processing personal data.

  • Customer Data: Any data, including personal data, proprietary business information, and other content, that the Customer uploads to or processes using Strong Compute’s Services. Customer Data may include, but is not limited to, personal data as defined under applicable data protection laws.

  • Processor: SCS, acting on behalf of the Controller, processes personal data in accordance with this DPA.

  • Sub-processor: Any third-party service provider engaged by SCS to process personal data on behalf of the Controller.

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Data Subject: An individual whose personal data is processed.

  • Data Transfer: The movement of personal data between entities or jurisdictions.

Scope

This DPA applies whenever SCS processes personal data on behalf of the Customer as part of delivering the Services.

Customer Responsibilities

  1. Authorization to Process Data: By using our Services, you authorize SCS to process personal data as necessary to provide the Services.

  2. Legal Basis for Processing: You are responsible for ensuring you have a legal basis for processing personal data, including obtaining any required consents.

  3. Privacy Notices: You must provide all required privacy notices to Data Subjects.

  4. Data Subject Requests: You must promptly notify SCS if a Data Subject exercises their rights (e.g., access, correction, deletion) and requires assistance.

  5. Compliance with Applicable Laws: You are responsible for ensuring that your use of the Services complies with all applicable data protection laws.

SCS Responsibilities

  1. Processing Data: SCS will process Customer Data only as instructed by the Customer, unless required by law.

  2. Data Security: SCS will implement and maintain measures to protect Customer Data from loss, unauthorized access, or breaches.

  3. Managing Subprocessors: SCS will ensure subprocessors meet the data protection standards of this DPA and notify the Customer of changes at least 7 days in advance, allowing time for objections.

  4. Breach Notification: SCS will promptly notify the Customer of any data breaches and provide details to help meet regulatory obligations.

  5. Data Subject Rights: SCS will assist the Customer with responding to Data Subject requests (e.g., access, correction, or deletion) as required by law.

  6. Compliant Data Transfers: SCS will ensure any data transfers outside applicable jurisdictions comply with legal requirements, including Standard Contractual Clauses.

  7. Returning or Deleting Data: SCS will return or delete Customer Data within 30 days of contract termination unless retention is legally required.

  8. Confidentiality: SCS will ensure all personnel handling Customer Data are bound by confidentiality obligations.

  9. Audits and Documentation: SCS will provide documentation to demonstrate compliance and facilitate audits as required by law.

Data Transfers

We may transfer personal data to jurisdictions outside the European Economic Area (EEA) where necessary to provide the Services. Such transfers comply with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) where required.

CCPA Compliance

Strong Compute shall not process, retain, use, or disclose Customer Data for any purpose other than as outlined in this DPA and permitted under the California Consumer Privacy Act (CCPA). We do not sell or share personal information as defined under the CCPA.

Return and Deletion of Data

  1. Upon termination of the Agreement, we will return or delete all personal data within 30 days unless applicable law requires retention.

  2. Data will be returned in a commonly used format if requested.

  3. You are responsible for maintaining backups of your data during the term of the Agreement.

Technical and Organizational Measures

To ensure the security, confidentiality, and integrity of personal data, SCS implements:

  • Access Controls: Role-based access, multi-factor authentication, and audit logs.

  • Incident Response: Defined procedures for managing and mitigating security incidents.

  • Regular Assessments: Vulnerability scans, penetration testing, and risk assessments.

  • Training: Security and data protection training for personnel handling personal data.

Annexes

Annex I: Processing Details

  • Categories of Data Subjects: Customer’s authorized users of the Services.

  • Categories of Personal Data: Name, email, job title, IP address, and other identifiers.

  • Sensitive Data: Not applicable.

  • Nature of Processing: Data storage, transmission, and analytics.

  • Duration: For the term of the Agreement unless otherwise specified.

Annex II: Sub-processor List

  • Amazon Web Services (AWS): Cloud hosting and storage.

  • Apple iCloud (Notes): Internal team notes containing customer info

  • Discord: Team communication (limited customer data in private channels)

  • Fly.io: Application hosting.

  • Google Cloud Platform (GCP): Cloud hosting and storage.

  • Google Workspace: Document storage, customer support notes

  • Hubspot: Customer relationship management.

  • Microsoft Azure: Cloud hosting and storage.

  • Lambda Labs: Cloud hosting and storage

  • Oblivus: Cloud hosting and storage.

  • Oracle Cloud: Cloud hosting and storage.

  • Slack: Internal communication (includes customer support and account discussions)

  • Stripe: Payment processing.

Duration

This DPA remains in effect until all Customer Data is deleted in accordance with its terms.

Amendments and Updates

We may update this DPA from time to time to reflect changes in our operations, legal obligations, or industry standards. When we make material changes, we will notify you by posting the revised version on our website and providing advance notice where required. Continued use of our Services after such updates constitutes your acknowledgment of the revised DPA.

Miscellaneous

  1. Conflict of Terms: If any terms of this DPA conflict with the Agreement, terms of this DPA will prevail with respect to data protection matters.

  2. Governing Law: This DPA is governed by the laws of the State of Delaware.

PreviousGDPRNextMay 2025

Last updated