Data Processing
Addendum.

This Data Processing Addendum ("DPA") supplements the Master Services Agreement between you (the "Client") and Brevity Solutions LLC ("Brevity") and applies whenever Brevity processes personal data on behalf of the Client.

1. Roles

The Client is the Data Controller. Brevity acts as the Data Processor and processes personal data only on documented instructions from the Client.

2. Sub-processors

Brevity uses the following sub-processors: Vercel (hosting), Supabase (database), Stripe (payments), Resend (transactional email), Anthropic (AI inference), OpenAI (AI inference), AWS (infrastructure). All sub-processors are contractually bound to equivalent data protection obligations.

3. Security measures

Brevity implements appropriate technical and organizational measures, including encryption, access controls, audit logging, and incident response procedures as documented in our Security Practices page.

4. Data subject rights

Brevity assists the Client in fulfilling data subject requests (access, rectification, erasure, portability) under GDPR and equivalent regulations. Requests are addressed within 30 days.

5. International transfers

Where personal data is transferred outside the EEA, transfers occur under Standard Contractual Clauses or equivalent legal mechanisms.

6. Term and termination

This DPA remains in effect for as long as Brevity processes personal data on behalf of the Client. Upon termination, Brevity will delete or return all personal data within 30 days.

To execute a counter-signed DPA for your engagement, contact dpa@brevity.solutions.