Strong Compute Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) is part of the Terms of Service (or another applicable written or electronic agreement) between Strong Compute Services Corporation (“SCS,” “we,” or “our”) and you (“Customer” or “you”). This DPA outlines how we process personal data to provide our services (“Services”) in compliance with applicable laws, including the General Data Protection Regulation (GDPR).

Definitions

  • Controller: The natural or legal person that determines the purposes and means of processing personal data.

  • Customer Data: Any data, including personal data, proprietary business information, and other content, that the Customer uploads to or processes using Strong Compute’s Services. Customer Data may include, but is not limited to, personal data as defined under applicable data protection laws.

  • Processor: SCS, acting on behalf of the Controller, processes personal data in accordance with this DPA.

  • Sub-processor: Any third-party service provider engaged by SCS to process personal data on behalf of the Controller.

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Data Subject: An individual whose personal data is processed.

  • Data Transfer: The movement of personal data between entities or jurisdictions.

Scope

This DPA applies whenever SCS processes personal data on behalf of the Customer as part of delivering the Services.

Customer Responsibilities

  1. Authorization to Process Data: By using our Services, you authorize SCS to process personal data as necessary to provide the Services.

  2. Legal Basis for Processing: You are responsible for ensuring you have a legal basis for processing personal data, including obtaining any required consents.

  3. Privacy Notices: You must provide all required privacy notices to Data Subjects.

  4. Data Subject Requests: You must promptly notify SCS if a Data Subject exercises their rights (e.g., access, correction, deletion) and requires assistance.

  5. Compliance with Applicable Laws: You are responsible for ensuring that your use of the Services complies with all applicable data protection laws.

SCS Responsibilities

  1. Processing Data: SCS will process Customer Data only as instructed by the Customer, unless required by law.

  2. Data Security: SCS will implement and maintain measures to protect Customer Data from loss, unauthorized access, or breaches.

  3. Managing Subprocessors: SCS will ensure subprocessors meet the data protection standards of this DPA and notify the Customer of changes at least 7 days in advance, allowing time for objections.

  4. Breach Notification: SCS will promptly notify the Customer of any data breaches and provide details to help meet regulatory obligations.

  5. Data Subject Rights: SCS will assist the Customer with responding to Data Subject requests (e.g., access, correction, or deletion) as required by law.

  6. Compliant Data Transfers: SCS will ensure any data transfers outside applicable jurisdictions comply with legal requirements, including Standard Contractual Clauses.

  7. Returning or Deleting Data: SCS will return or delete Customer Data within 30 days of contract termination unless retention is legally required.

  8. Confidentiality: SCS will ensure all personnel handling Customer Data are bound by confidentiality obligations.

  9. Audits and Documentation: SCS will provide documentation to demonstrate compliance and facilitate audits as required by law.

Data Transfers

We may transfer personal data to jurisdictions outside the European Economic Area (EEA) where necessary to provide the Services. Such transfers comply with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) where required.

CCPA Compliance

Strong Compute shall not process, retain, use, or disclose Customer Data for any purpose other than as outlined in this DPA and permitted under the California Consumer Privacy Act (CCPA). We do not sell or share personal information as defined under the CCPA.

Return and Deletion of Data

  1. Upon termination of the Agreement, we will return or delete all personal data within 30 days unless applicable law requires retention.

  2. Data will be returned in a commonly used format if requested.

  3. You are responsible for maintaining backups of your data during the term of the Agreement.

Technical and Organizational Measures

To ensure the security, confidentiality, and integrity of personal data, SCS implements:

  • Access Controls: Role-based access, multi-factor authentication, and audit logs.

  • Incident Response: Defined procedures for managing and mitigating security incidents.

  • Regular Assessments: Vulnerability scans, penetration testing, and risk assessments.

  • Training: Security and data protection training for personnel handling personal data.

Annexes Annex I: Sub-processor List

Sub-processor

Purpose

Locations Used

HIPAA Compliant

Amazon Web Services (AWS)

Cloud hosting and storage

us-east-1, us-east-2, us-west-1, us-west-2, ap-southeast-2, ap-northeast-1, eu-west-1, eu-north-1

✅ Yes

Google Cloud Platform (GCP)

Cloud hosting and storage

us-central1, us-east1, us-east4, asia-southeast1, asia-south1

❌ No

Microsoft Azure

Cloud hosting and storage

East US, Italy North

✅ Yes

Oracle Cloud

Cloud hosting and storage

us-ashburn-1

✅ Yes

Oblivus

Cloud hosting and storage

MON1 (Canada, Montreal), OSL1 (Norway, Oslo), TXS1 (USA, Texas)

❌ No

Fly.io

Application hosting

Global edge locations (region varies)

❌ No

Apple iCloud (Notes)

Internal team notes (may contain limited customer info)

US

❌ No

Google Workspace

Document storage, customer support notes

US

❌ No

Slack

Internal communication (support/account discussions)

US

❌ No

Discord

Team communication (limited private channel use)

US

❌ No

Stripe

Payment processing

US

✅ Yes (no access to PHI)

HubSpot

Customer relationship management

US

❌ No

Annex II: Data Exporter and Importer Details

A. Parties

Role

Name

Address

Contact

Activities

Data Exporter

Customer

[To be completed by Customer]

[To be completed by Customer]

Provides personal data to Strong Compute for processing via AI infrastructure services

Data Importer

Strong Compute Corporation

1950 W Corporate Way Suite 69009 Anaheim CA 92801

[email protected]

Receives and processes customer data using cloud infrastructure providers to deliver AI compute services

B. Description of Transfer

Item

Description

Nature of Processing

Customer provides personal data to Strong Compute for AI infrastructure services including compute orchestration, deployment automation, and support

Categories of Data Subjects

End users of customer workloads, customers’ employees, authorized users

Categories of Personal Data

Name, email, logs, job metadata, technical identifiers (e.g., IP, usage patterns)

Sensitive Data

Not expected or permitted unless explicitly configured by customer

Frequency of Transfer

Continuous, real-time as necessary for service performance

Retention Period

For the duration of the Agreement unless otherwise specified or required by law

Duration

This DPA remains in effect until all Customer Data is deleted in accordance with its terms.

Amendments and Updates

We may update this DPA from time to time to reflect changes in our operations, legal obligations, or industry standards. When we make material changes, we will notify you by posting the revised version on our website and providing advance notice where required. Continued use of our Services after such updates constitutes your acknowledgment of the revised DPA.

Miscellaneous

  1. Conflict of Terms: If any terms of this DPA conflict with the Agreement, terms of this DPA will prevail with respect to data protection matters.

  2. Governing Law: This DPA is governed by the laws of the State of Delaware.

PreviousGDPRNextAugust 2025

Last updated