Data Processing Agreement

Overview

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Silas and the Customer, and governs the processing of personal data by Silas on behalf of the Customer.

Definitions

• Personal Data: Any information relating to an identified or identifiable natural person
• Data Controller: The Customer, who determines the purposes and means of processing
• Data Processor: Silas, who processes data on behalf of the Customer
• Sub-processor: Third parties engaged by Silas to process data

Processing Details

Categories of Data

• User account information (name, email)
• Documents and files uploaded by users
• Chat conversations and queries
• Usage and analytics data

Purpose of Processing

Personal data is processed solely to provide the Silas service, including document storage, AI-powered search and chat, and account management.

Security Measures

Silas implements appropriate technical and organizational measures including:

• Protection of data in transit and at rest using managed cloud infrastructure and encryption
• Access controls and authentication
• Security review and improvement processes
• Operational access controls and internal security practices
• Incident response procedures

Sub-processors

Silas uses the following categories of sub-processors:

• Cloud infrastructure providers
• AI model providers
• Payment processors
• Analytics services

Vendor categories are published in our Trust Center. A named vendor list may be made available to eligible business or institutional customers during security or procurement review.

Data Subject Rights

Silas will assist the Customer in responding to requests from data subjects to exercise their rights under applicable data protection law, including rights of access, rectification, erasure, and data portability.

International Transfers

Where personal data is transferred outside the EEA, Silas relies on Standard Contractual Clauses approved by the European Commission to ensure adequate protection.