Data Processing Agreement
1. Parties
This Data Processing Agreement (“DPA”) is between Opsclinique (“Processor”) and the business owner who engages our services (“Controller”).
2. Scope of processing
Opsclinique processes personal data on behalf of the Controller for the purpose of delivering intake call transcription, pain point analysis, and prescription report generation. The categories of data processed include: business contact information, operational details shared during the intake call, and any third-party contact information provided in relation to the business.
3. Sub-processors
We engage the following sub-processors: Anthropic (AI processing), Supabase (data storage), Resend (email delivery), PostHog (analytics). Each sub-processor is bound by data processing terms consistent with GDPR requirements.
4. Security measures
We implement technical and organizational measures including: TLS encryption in transit, AES-256 encryption at rest, access controls limiting data access to authorized personnel, and regular security reviews.
5. Data subject rights
We will assist the Controller in fulfilling data subject access, correction, and deletion requests within 72 hours of notification. Requests should be sent to privacy@opsclinique.com.