Data Processing Agreement

Overview

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Silas and the Customer, and governs the processing of personal data by Silas on behalf of the Customer.

Definitions

• Personal Data: Any information relating to an identified or identifiable natural person
• Data Controller: The Customer, who determines the purposes and means of processing
• Data Processor: Silas, who processes data on behalf of the Customer
• Sub-processor: Third parties engaged by Silas to process data

Processing Details

Categories of Data

• User account information (name, email)
• Documents and files uploaded by users
• Chat conversations and queries
• Usage and analytics data

Purpose of Processing

Personal data is processed solely to provide the Silas service, including document storage, AI-powered search and chat, and account management.

Security Measures

Silas implements appropriate technical and organizational measures including:

• Encryption of data at rest (AES-256) and in transit (TLS 1.3)
• Access controls and authentication
• Regular security assessments
• Employee training and background checks
• Incident response procedures

Sub-processors

Silas uses the following categories of sub-processors:

• Cloud infrastructure providers
• AI model providers
• Payment processors
• Analytics services

A complete list of sub-processors is available upon request. Customers will be notified of any changes to sub-processors.

Data Subject Rights

Silas will assist the Customer in responding to requests from data subjects to exercise their rights under applicable data protection law, including rights of access, rectification, erasure, and data portability.

International Transfers

Where personal data is transferred outside the EEA, Silas relies on Standard Contractual Clauses approved by the European Commission to ensure adequate protection.