CUBESLog in

Data Processing Agreement (DPA)

CUBES

Version: 1.0
Effective Date: [DATE_OF_PUBLICATION]
Last Updated: [DATE_OF_PUBLICATION]

1. Parties

This Data Processing Agreement ("DPA") forms part of the Terms of Service and is entered into between:

  • User ("Controller"), and
  • CUBES, operated by an individual founder residing in Italy ("Processor").

2. Scope and Purpose

This DPA applies to the processing of personal data by the Processor on behalf of the Controller in connection with the use of the CUBES Service.

Processing is limited to what is necessary to provide and operate the Service as described in the Terms of Service and Privacy Policy.

3. Roles of the Parties

For user-provided repositories, documents, and content:

  • The User acts as the Data Controller.
  • CUBES acts as the Data Processor.

For account management, billing, security, and operational data:

  • CUBES acts as the Data Controller.

4. Categories of Data Subjects and Data

Data Subjects

  • Users of the Service
  • Authorized collaborators or viewers designated by the User

Categories of Personal Data

  • Identification and contact data
  • Authentication data via third-party services
  • Repository-related metadata
  • Uploaded documents and files
  • Generated outputs and reports
  • Technical and security logs

5. Processing Activities

Personal data may be processed for the following activities:

  • providing the Service,
  • analyzing repositories and documents,
  • generating informational outputs,
  • ensuring system security,
  • complying with legal obligations,
  • responding to user requests.

6. Processor Obligations

The Processor shall:

  • process personal data only on documented instructions of the Controller,
  • not use personal data for its own marketing purposes,
  • ensure personnel with access to data are subject to confidentiality obligations,
  • implement reasonable organizational measures to protect personal data.

7. Subprocessors

The Processor may engage subprocessors to provide infrastructure, authentication, processing, or monitoring services.

A non-exhaustive list of subprocessors may include:

  • cloud infrastructure providers,
  • authentication providers,
  • AI service providers,
  • monitoring and error-tracking services.

The Processor remains responsible for subprocessors in accordance with applicable law.

8. International Data Transfers

Personal data may be processed in jurisdictions where subprocessors operate.

The Processor does not guarantee that processing is limited to the European Economic Area.

9. Data Subject Requests

Requests from data subjects to exercise their rights under applicable data protection laws shall be submitted via the contact details provided in the Legal / Contact page.

The Processor shall assist the Controller in responding to such requests, within reasonable limits and timeframes.

10. Data Retention and Deletion

Personal data shall be retained only for as long as necessary to provide the Service and comply with legal or operational requirements.

Upon termination of the Service or request for deletion, personal data will be deleted or anonymized, subject to legal, accounting, security, or compliance obligations.

11. Security Measures

The Processor implements reasonable technical and organizational measures to protect personal data.

No specific technical measures are guaranteed, and absolute security is not warranted.

12. Audits

The Processor may make available reasonable information necessary to demonstrate compliance with this DPA, subject to confidentiality and security considerations.

13. Liability

Liability arising from this DPA is subject to the limitations set forth in the Terms of Service.

14. Governing Law

This DPA is governed by the laws of Italy.

15. Conflict

In the event of a conflict between this DPA and the Terms of Service, this DPA shall prevail with respect to data protection matters.

End of Data Processing Agreement