Data Processing Addendum

1. Roles

For personal data you send through the Privian gateway, you act as the data controller and Privian acts as a data processor. Privian processes personal data only on your documented instructions — the configuration you set in your account, your gateway requests, and the BYOK provider destinations you choose.

For account-level data (your own contact details, billing information, support correspondence), Privian acts as an independent controller as described in the Privacy Policy.

2. Customer-controlled provider destinations (BYOK)

Privian operates on a Bring Your Own Key model. The LLM provider that receives a request is selected by you and authenticated using your own credentials. Once a request leaves Privian, the receiving provider becomes an independent processor under your direct relationship with that provider. Privian does not act as a sub-processor of the LLM provider, and the LLM provider's terms, privacy notices and processing locations govern that hop.

3. Subprocessors

Privian uses a small list of subprocessors to operate the service. The current list is maintained at /legal/subprocessors. We will update that page when we add or change a subprocessor and will provide notice to business customers under signed DPAs in accordance with the executed agreement.

4. Security measures

Technical and organizational measures are described in detail at /security/data-handling. Summary:

• BYOK provider credentials encrypted at rest with AES-256-GCM; plaintext discarded immediately after encryption.
• Gateway API keys stored as SHA-256 hashes.
• Masking of configured sensitive entities before the prompt leaves Privian; rehydration in-memory before responses return to your application.
• No retention of raw prompt or response bodies.
• Role separation between the gateway runtime and the LiteLLM execution component; LiteLLM does not handle customer auth, billing or credential storage.
• Access to production infrastructure restricted to authorized Privian operators.

5. Data subject requests

Where you receive a request from a data subject relating to personal data processed through Privian, Privian will assist you, taking into account the nature of the processing and the information available, to fulfil your obligations. Operationally this is bounded by what Privian actually retains — primarily account, billing and sanitized usage metadata. Raw prompts and responses are not retained, so they cannot be retrieved or exported from Privian after the request has completed.

6. Breach notification

Privian will notify affected business customers of a personal data breach affecting their data without undue delay after becoming aware of it, and in any event within the timeframe agreed in the executed DPA. Notice will include the nature of the breach, categories of data involved (to the extent known), measures taken, and a point of contact for follow-up.

7. International transfers

Where personal data is transferred outside the EU / EEA — for example to subprocessors operating from the United States — such transfers rely on appropriate safeguards (for example Standard Contractual Clauses) provided by those subprocessors. The signed DPA includes the relevant international transfer annex required by the executed agreement.

8. Sub-processor changes

When we intend to engage a new sub-processor or replace an existing one, we will update the public list at /legal/subprocessors and, for business customers under a signed DPA, provide notice as required by that DPA.

9. Term

The DPA applies for as long as Privian processes personal data on your behalf. On termination of the underlying service, Privian will delete or return personal data in accordance with the executed DPA, subject to legal retention obligations.

10. How to request a signed DPA

Business customers who require a counter-signed DPA can request one by emailing support@privian.io with the legal entity name and the email of the signatory. We will return a DPA based on this overview within a reasonable timeframe.