Data Processing Agreement

End users of your automation workflows, chatbots, or AI agents — typically your clients or customers — whose conversation content, preferences, or other information you store as memory entries.

Any text content you submit as memory entries. This may include names, contact details, communication history, preferences, or any other information you choose to store. retainr does not impose restrictions on content categories but see Section 9.4 regarding special category data.

For the duration of your active subscription. Upon termination, data is deleted within 30 days as described in Section 8.

retainr processes Personal Data only on your documented instructions. Your API calls (write, query, delete) constitute documented instructions. retainr will not process Personal Data for any other purpose unless required by EU or Slovak law, in which case retainr will inform you of that legal requirement before processing, unless prohibited from doing so by law.

retainr ensures that all personnel authorised to process Personal Data are bound by appropriate confidentiality obligations. This obligation survives termination of this DPA and the Terms of Service.

retainr implements and maintains the following technical and organisational measures appropriate to the risk:

• Data location: All Personal Data is stored exclusively on Hetzner infrastructure in Germany (Falkenstein and/or Nuremberg data centres). No Personal Data is replicated outside the EU.
• Encryption in transit: All API communication is encrypted using TLS 1.3. HTTP connections are refused.
• Encryption at rest: Database volumes are encrypted at rest via Hetzner managed disk encryption.
• Access control: Database access requires authentication credentials. API access requires per-workspace Bearer tokens. Internal API endpoints require a separate secret token. No public access to raw data stores.
• Backups: Automated daily PostgreSQL backups to an encrypted volume. Retention: 7 days.
• Breach notification: retainr will notify you without undue delay, and in any event within 48 hours of becoming aware of a Personal Data breach affecting your data. Notification will be sent to the email address associated with your account.
• Availability: The infrastructure is monitored continuously. Health checks run every 5 minutes with automated restart on failure.
• Sub-processor security: retainr contractually requires sub-processors to implement equivalent security measures.

You grant retainr general authorisation to engage the sub-processors listed in Section 5 below. retainr will notify you by email at least 10 business days before adding or replacing any sub-processor. You may object to a new sub-processor by emailing [email protected] within 10 business days of the notice. If the objection cannot be resolved, you may terminate your subscription without penalty.

retainr remains fully liable for the acts and omissions of its sub-processors to the same extent as if retainr had performed the processing directly.

retainr implements the following to assist you in responding to requests from data subjects exercising their rights under Articles 15–22 GDPR:

• Access (Art. 15): You can retrieve all memories for a user via GET /v1/memories?namespace={user_id}.
• Erasure (Art. 17): You can delete all memories for a user via DELETE /v1/memories with appropriate filters, or delete individual memories by ID.
• Portability (Art. 20): You can export memory data via GET /v1/analytics/export in CSV format.
• Restriction (Art. 18): You can set a memory's importance field to 0 to exclude it from retrieval without deletion.

retainr will forward any data subject requests received directly to you within 5 business days and will not respond to data subjects directly without your authorisation, except as required by law.

retainr will assist you with:

• Security obligations (Art. 32): By implementing and maintaining the TOMs in Section 4.3.
• Breach notification (Art. 33–34): By notifying you within 48 hours of a confirmed breach with sufficient detail for you to meet your own notification obligations to supervisory authorities and data subjects.
• DPIAs (Art. 35): By providing information about our processing operations upon written request.
• Prior consultation (Art. 36): By cooperating with supervisory authority enquiries that concern our processing on your behalf.

Upon termination or expiry of the Terms of Service, retainr will, at your election:

• Export: Make your data available for export for 14 days following termination, via GET /v1/analytics/export. After 14 days, data is deleted.
• Delete: Permanently delete all Personal Data associated with your workspace within 30 days of termination.

Backups containing your Personal Data will be purged within 37 days of termination (30-day data deletion + 7-day backup retention cycle). retainr may retain anonymised aggregate usage statistics that cannot be linked to your workspace or any individual.

retainr will provide all information reasonably necessary to demonstrate compliance with this DPA upon written request to [email protected].

For customers who require a formal audit, retainr will respond to security questionnaires and, where available, provide SOC 2 Type II reports or equivalent third-party security assessments in lieu of on-site audits. On-site audits may be agreed in writing for enterprise customers with legitimate need, subject to reasonable notice and cost allocation.

If your compliance requirements preclude any of the sub-processors listed above — for example, you require EU-only AI inference, a self-hosted embedding model, or exclusion of specific vendors — contact us at [email protected] to discuss a custom deployment. We can accommodate bespoke sub-processor arrangements for enterprise customers with legitimate regulatory, sector-specific, or data-residency needs.

retainr does not use Personal Data stored via the API to train, fine-tune, evaluate, or improve any machine learning model — including models operated by retainr or its sub-processors. Specifically:

• Text sent to Voyage AI for embedding generation is processed transiently and not retained by Voyage AI for training purposes under their API terms.
• Text sent to Anthropic for summarisation is subject to Anthropic's API Data Processing Addendum, which prohibits training on API customers' input data.

Personal Data is processed exclusively to provide the Services: storing, indexing, retrieving, and managing memories per your API instructions. retainr will not use Personal Data for product analytics, benchmarking, feature development, or any other purpose without your explicit prior written consent.

The retainr API is designed to support your DSAR (Data Subject Access Request) obligations:

• Retrieve all data for an individual: Use the namespace parameter with a consistent user identifier to scope all memories to that individual, then retrieve with GET /v1/memories?namespace={user_id}.
• Delete all data for an individual: Use DELETE with namespace scoping to erase all memories for a specific user.
• Full workspace deletion: Contact [email protected] for complete workspace data deletion within 30 days.

The Services are not designed or approved for processing special categories of personal data as defined in Article 9 GDPR (health data, biometric data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, sex life or sexual orientation data, data relating to criminal convictions).

You must not submit special category data via the API without a prior written agreement with retainr that establishes the appropriate legal basis, additional safeguards, and operational controls required for such processing.

Memory content is converted to vector embeddings by Voyage AI to enable semantic search. These embeddings are stored in retainr's database in Germany. Voyage AI receives the text transiently for embedding generation and does not retain it. Short or highly specific memory entries may produce embeddings from which the original text could be partially reconstructed; this is an inherent property of embedding models and should be considered when deciding what content to store.