Data Processing Addendum

1. Purpose

Polixai ("Processor") processes Customer ("Controller") data only for providing analytics insights.

2. Data Types

Polixai may process: GA4 data, Excel/CSV uploads, workspace metadata, and account information. Sensitive personal data should not be uploaded unless explicitly intended by the Customer.

3. Processing Instructions

Polixai processes data only based on Customer actions and instructions. The Customer must ensure compliance with applicable laws.

4. Security Measures

Data is encrypted in transit and at rest. Access is restricted to authorized systems. Full details appear on our Security & Privacy page.

5. Subprocessors

Polixai may use subprocessors necessary for operating the platform. A list of subprocessors will be published soon. Equivalent protection terms apply to all subprocessors.

6. Data Access & Deletion

Upon request, Polixai will delete account-level metadata and revoke data-source access tokens. Uploaded files may be deleted automatically after processing.

7. International Transfers

Data may be stored or processed outside the EEA. Full EU data residency is on the roadmap.

8. Incident Notification

Polixai will notify the Customer without undue delay if a data breach affects their data.

9. Confidentiality

Personnel with access to Customer data are bound by confidentiality obligations.

10. Termination

Upon termination, Polixai will delete or return Customer data within a reasonable timeframe unless legally required to retain it.

11. Liability

Liability is limited according to the main Terms & Conditions.

12. Contact

privacy@polixai.io
Stockholm, Sweden

Data Processing Addendum (DPA)