Data Processing Addendum

Effective date: March 14, 2026

Purpose

This page summarizes our standard data-processing commitments for business and team customers that use Spatial to process personal data subject to applicable privacy laws. It is intended as a product-level overview, not as a substitute for a signed, customer-specific agreement where one is required.

If your organization needs a signed DPA, email support@prismos.dev.

Roles

Where applicable, the customer acts as controller or business for customer data submitted to the Service, and the operator of Spatial acts as processor or service provider for that customer data, except where we act as an independent controller for account, billing, security, fraud-prevention, and legal-compliance data.

Subject matter and duration

Processing covers the provision, maintenance, support, and security of the Service for the duration of the customer relationship and any limited post-termination retention period required for legal, security, accounting, or dispute-resolution purposes.

Types of data and data subjects

Depending on the customer's use of the Service, processed data may include account information, session content, prompts, source code, files, integration metadata, usage records, and support or feedback submissions. Data subjects may include the customer's users, employees, contractors, customers, or other individuals whose data the customer submits to the Service.

Processing instructions

We process customer data on the customer's documented instructions as reflected in the customer's use of the Service, our Terms, our Privacy Policy, and any signed order form or DPA. We may also process data as required to comply with law or to maintain the security and integrity of the Service.

Subprocessors and transfers

We may use subprocessors to provide the Service. Our current vendor categories are listed on the Subprocessors page. Data may be processed in the United States and other jurisdictions where we or our subprocessors operate.

Security and confidentiality

We use reasonable technical and organizational measures designed to protect customer data and limit access to authorized personnel and service providers who are subject to confidentiality obligations.

Deletion and return

On request or upon termination, we will delete or return customer data to the extent required by applicable law and the applicable agreement, subject to backup, legal-retention, security, and dispute-resolution needs. Data-subject deletion requests can be sent to support@prismos.dev.