Data Processing Agreement (DPA)

Standard GDPR Art. 28 DPA. Summary below — request the signed full version and you'll have it in under 24 hours.

Subject matter

Processing of operational and forecast-related data on behalf of the customer to provide the GastroForecast service.

Hosting & region

We host exclusively in the EU (Frankfurt). We do not process guest or staff data — only aggregated daily data.

Sub-processors

Anthropic (model inference, EU region) is the only sub-processor with access to customer content. Public weather, event and cruise data providers receive no personal data.

Technical and organisational measures

Encryption in transit (TLS 1.2+), encryption at rest (AES-256), access control via SSO + 2FA for internal operators, audit log of all billing and account-relevant actions, geographically redundant backups.

Deletion & return

On request, deletion of all customer data within 30 days with confirmation. Rolling 14-day backup retention.

Audit rights

You may audit with 14 days' notice, once per year at no cost.

Request the signed version

Drop us a line with your company name and registered seat — you'll receive a signature-ready PDF (DocuSign) within 24 hours.
