Data Processing Addendum

Last updated: May 12, 2026

This Addendum supplements the Adeft Master Services Agreement and governs the processing of personal data on the platform.

Placeholder content. The production DPA is provided to customers during contracting. This page exists so the URL is indexable and counsel-reviewable.

Roles

For data submitted by customers, the customer is the "controller" and Adeft is the "processor." Adeft processes personal data only on documented instructions from the customer and as required by law.

Sub-processors

The current sub-processor list is maintained at adeft.ai/security#sub-processors. We notify customers at least 30 days before any addition takes effect and provide a mechanism to object.

International transfers

Adeft uses the EU Standard Contractual Clauses and the UK IDTA as the primary transfer mechanisms where applicable. Customers can request data localization on Enterprise deployments.

Security commitments

Adeft maintains the technical and organizational measures described in the Security page, including encryption, access control, tenant isolation, audit logging, and incident response.

Audit and assistance

Customers may audit Adeft’s compliance with the DPA once per year and in cases of suspected non-compliance. Adeft will reasonably assist customers with data-subject requests and Data Protection Impact Assessments.

Contact

Questions: legal@adeft.ai.