Data Processing Addendum
This DPA governs ModelPilot's processing of personal data on your behalf.
1. Roles & definitions
"Customer" is the controller of the personal data; "ModelPilot" (the provider of the ModelPilot service, the "Service") acts as processor on Customer's documented instructions. "Personal data," "processing," "controller," "processor," and "data subject" have the meanings given under applicable data-protection law (incl. the GDPR/UK GDPR and CCPA where relevant). This DPA forms part of the agreement between the parties for use of the Service.
2. Scope & nature of processing
The Service routes Claude API requests to cost-efficient models. By design, prompt content, model outputs, and Customer's API keys are not transmitted to or processed by ModelPilot — they pass from Customer's infrastructure directly to Anthropic using Customer's key. ModelPilot processes only:
- account data (e.g. the email address and company of authorized users);
- operational metadata (task category, token counts, model identifiers, cost/savings figures, status and routing flags) — including any opt-in per-request metadata Customer chooses to send; and
- aggregate usage figures used to calculate billing.
Duration of processing is the term of the agreement; the subject matter is provision of the Service; categories of data subjects are Customer's authorized users.
3. Customer instructions
ModelPilot processes personal data only on Customer's documented instructions (including via the Service's configuration), unless required by law, in which case ModelPilot will inform Customer where legally permitted.
4. Confidentiality
ModelPilot ensures persons authorized to process the personal data are bound by appropriate confidentiality obligations.
5. Security
ModelPilot implements appropriate technical and organizational measures, including TLS in transit, encryption at rest, hashed credentials, scoped/revocable API keys, least-privilege access, and an architecture in which prompt content never reaches ModelPilot. Current measures are described at /security.
6. Subprocessors
Customer authorizes ModelPilot to engage the subprocessors listed at /legal/subprocessors. ModelPilot imposes data-protection obligations on subprocessors no less protective than this DPA, remains responsible for their performance, and will give Customer notice of intended changes with a reasonable opportunity to object.
7. Data subject rights
Taking into account the nature of the processing, ModelPilot assists Customer with appropriate technical and organizational measures, insofar as possible, to respond to data-subject requests (access, rectification, erasure, portability, objection).
8. Personal data breach
ModelPilot notifies Customer without undue delay after becoming aware of a personal data breach affecting Customer's personal data, with information reasonably available to assist Customer's own obligations.
9. Deletion & return
On termination, and at Customer's choice, ModelPilot deletes or returns the personal data it processes on Customer's behalf, except where retention is required by law. Customer may also export data and request deletion during the term.
10. International transfers
Where processing involves transfers of personal data subject to GDPR/UK GDPR to a country without an adequacy decision, the parties agree the applicable Standard Contractual Clauses (and UK Addendum, where relevant) are incorporated by reference and completed with the details in this DPA and the subprocessors page.
11. Audit & information
ModelPilot makes available information reasonably necessary to demonstrate compliance with this DPA and, on reasonable request and subject to confidentiality, supports audits consistent with applicable law.
12. General
If there is a conflict between this DPA and the agreement on data-protection matters, this DPA prevails. Liability is subject to the limitations in the agreement.
To execute or redline this DPA, contact krethikram@gmail.com. · Security · Subprocessors