Data Processing Agreement
Last updated July 2026
This summary describes how Skalpel processes personal data on your behalf. A full DPA is available for customers on request.
Roles
You are the data controller. Skalpel acts as your data processor and processes personal data only on your documented instructions.
Scope of processing
Skalpel processes usage metadata to meter, attribute, and reconcile AI spend. Prompt and response content is processed only if you enable the consent-gated content archive.
Subprocessors
Skalpel uses AWS for hosting, storage, and key management (KMS). A current list of subprocessors is available on request, and we give notice of material changes.
Security measures
Row-level-security tenant isolation, encryption in transit and at rest, KMS-custodied keys, least-privilege access, and audit logging.
International transfers
Where personal data is transferred across borders, Skalpel relies on Standard Contractual Clauses and equivalent safeguards.
Data subject rights
Skalpel supports access, export, and erasure requests, including Article 17 deletion propagated across analytical archives.
Term and deletion
On termination, Skalpel deletes or returns personal data in line with your instructions and applicable law.
Contact
For a signed DPA or questions, email [email protected].