Data processing agreement (DPA) — B2B customers
Last updated: March 29, 2026
This document is addressed to business customers who use carbon-llm to process personal data in the course of their own business or on behalf of their own clients. It supplements the terms of service and privacy policy and sets out the controller (you) / processor (us) relationship under Article 28 GDPR.
1. Subject matter
We process personal data only on your documented instructions, through compliant use of the Service (account, API, settings), unless required otherwise by law.
2. Nature of processing
Purposes: hosting LLM usage metadata, carbon indicators, billing, support, access security. Categories: business identifiers, technical usage logs, billing data, support messages — depending on what you submit through the Service.
3. Sub-processors
We may use providers (hosting, database, email, payment, CDN). We impose data protection obligations on them. A list may be maintained and provided on reasonable request.
4. Transfers
Transfers outside the EEA are governed by instruments under Chapter V GDPR (SCCs, etc.), as described in the privacy policy.
5. Duration
Processing lasts for the contractual relationship and, where applicable, the time needed to delete or export data per your instructions after termination, subject to legal retention duties.
6. Assistance
We assist you, as appropriate, with data subject requests and data protection impact assessments where required, given the nature of the Service.
7. Deletion and return
At the end of the service, we may delete or return data according to available features and technical timelines, unless legally required to retain it.
8. Audit
We make available information needed to demonstrate compliance and allow reasonable audits subject to confidentiality and notice, to a proportionate extent.
9. Signature / contractual version
For full B2B enforceability, a signed version (PDF, e-signature, or purchase order) may be required. This web page is a reference baseline; contact us for a customized DPA or an annex listing sub-processors and detailed security measures.
Notice: information template — validate with your counsel and complete (parties, processing locations, DPO, SCCs, technical measures).