Disruptive Rain

Data Processing Agreement.

Our commitment to protecting your data under GDPR and applicable data protection laws.

GDPR Compliance In Progress
Standard Contractual Clauses

Last updated: January 2026

Scope & Definitions

This Data Processing Agreement ("DPA") forms part of the agreement between Disruptive Rain ("Processor") and the customer ("Controller") for the provision of our AI platform services.

This DPA reflects our commitment to process personal data in accordance with the requirements of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Key Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on personal data.
  • "Controller" means the entity that determines the purposes and means of processing.
  • "Processor" means the entity that processes data on behalf of the controller.

AI Model Training

This section describes how Customer Data may be used for AI model training and the controls available to enterprise customers.

Default Enterprise Terms

For customers with an executed DPA, the following defaults apply:

  • No Training by Default: Customer Content is NOT used for training shared AI models unless explicitly opted in.
  • Customer-Specific Models: Training on Customer Data for customer-specific model fine-tuning requires separate written authorization.
  • Aggregated Analytics: Anonymized and aggregated usage metrics may be used for service improvement.

Opt-In Training Options

Enterprise customers may opt in to contribute data for model training with the following benefits:

  • Contribute to improving model quality for all users
  • Access to enhanced AI capabilities and early feature releases
  • Potential volume-based pricing discounts

Technical Safeguards

  • Data used for training undergoes anonymization and de-identification processes
  • PII detection and removal prior to model training
  • Differential privacy techniques applied where applicable
  • Training data access restricted to authorized personnel only

Data Processing Details

What we process.

Details about the personal data we process and why.

Types of Personal Data

  • Account information (name, email, organization)
  • Usage data and interaction logs
  • Content submitted to AI services (inputs, prompts, outputs)
  • AI conversation and interaction history
  • Technical data (IP addresses, device info)
  • Communication records (support tickets)

Categories of Data Subjects

  • Customer employees and administrators
  • End users of customer applications
  • Customer contacts and representatives

Processing Purposes

  • Providing and improving AI services
  • AI model training and development (subject to customer preferences)
  • Account management and authentication
  • Customer support and communication
  • Security and fraud prevention
  • Analytics and service optimization

Security Measures

How we protect your data.

Technical and organizational measures to ensure data security.

Encryption

AES-256 encryption at rest, TLS 1.3 in transit. Customer-managed keys available.

Access Controls

Role-based access, MFA enforcement, least-privilege principle.

Monitoring

24/7 security monitoring, intrusion detection, anomaly alerts.

Infrastructure

Enterprise-grade data centers, network isolation, DDoS protection. SOC 2 certification in progress.

Sub-processors

Our sub-processors.

Third-party services that may process personal data on our behalf.

| Provider | Location | Purpose |
|---|---|---|
| Amazon Web Services | United States/EU | Cloud infrastructure |
| Google Cloud Platform | United States/EU | AI/ML infrastructure |
| MongoDB Atlas | United States/EU | Database services |
| Stripe | United States | Payment processing |
| SendGrid | United States | Email delivery |
| Datadog | United States | Monitoring and observability |

We maintain an up-to-date list of sub-processors. Customers are notified of changes with at least 30 days' notice.

Data Subject Rights

Your rights.

Rights available to data subjects under GDPR.

Right to Access

Right to obtain confirmation and access to personal data

Right to Rectification

Right to correct inaccurate personal data

Right to Erasure

Right to request deletion of personal data

Right to Portability

Right to receive data in a portable format

Right to Restriction

Right to restrict processing in certain circumstances

Right to Objection

Right to object to processing based on legitimate interests

We assist customers in responding to data subject requests. Contact your account manager or email privacy@disruptiverain.com for assistance.

Data Transfers

International transfers.

How we ensure lawful transfer of data across borders.

Standard Contractual Clauses

We use EU Commission-approved Standard Contractual Clauses (SCCs) for transfers of personal data outside the EEA.

  • Module 2: Controller to Processor
  • Module 3: Processor to Processor

Data Residency Options

Enterprise customers can specify data residency requirements:

  • EU-only data processing
  • US-only data processing
  • Custom regional requirements

Audit Rights

Customers have the right to audit our compliance with this DPA:

  • Access to SOC 2 Type II reports (available upon certification)
  • Third-party audit results
  • On-site audits (enterprise plans)

Breach Notification

In the event of a personal data breach:

  • Notification within 72 hours
  • Detailed incident report
  • Assistance with notifications

Download the full DPA.

Download our complete Data Processing Agreement for your records. This document includes all terms, conditions, and appendices.

Enterprise customers can request executed copies through their account manager.

Questions about data processing?

Our privacy team is here to help with any questions about how we handle your data.