Data Processing Addendum (DPA)

This DPA supplements Qortexia's Terms when we process personal data on your behalf.

1. Definitions

• Customer Data: Personal data uploaded or provided by you
• Processor: Qortexia
• Controller: You

2. Roles

You are the Controller; Qortexia is the Processor and follows your instructions. We process Customer Data only as necessary to provide our services and in accordance with this DPA and applicable data protection laws.

3. Data Processing

We process Customer Data only to:

• Authenticate users
• Analyze files
• Generate insights
• Maintain service functionality
• Ensure security

4. Sub-Processors

We may use:

• Supabase (storage/authentication)
• Cloud infrastructure providers

All sub-processors must meet equivalent security obligations and are bound by appropriate data protection agreements.

5. Security Measures

We employ encryption, access controls, monitoring, and best-practice protections to safeguard Customer Data against unauthorized access, disclosure, alteration, or destruction.

6. Data Subject Rights

We assist with requests to:

• Delete data
• Export data
• Correct information

7. Data Deletion

Upon request or account termination, we delete or anonymize Customer Data in accordance with applicable laws and our retention policies.

8. International Transfers

We ensure adequate transfer protections when Customer Data is transferred across international borders, including the use of standard contractual clauses or other appropriate safeguards.

9. Updates

We may update this DPA as necessary. Material changes will be communicated to you via email or through the service. Continued use of Qortexia after such updates constitutes acceptance of the revised DPA.

10. Contact Us

For questions about this DPA, contact us at colton@qortexia.com.