Home / Trust / Data Processing Addendum
Developum AI Inc. · Data Processing

Data Processing Addendum.

Effective July 1, 2026

This Data Processing Addendum ("DPA") governs Developum AI Inc.'s processing of Personal Data on behalf of Customer in connection with the EVOLUM platform and other Developum services. It is incorporated into and forms part of our Terms of Service. If Customer requires a signed DPA for internal records, the version at this URL is available on request as an executable document via security@developumaiengine.com.

This DPA is provided as a plain-language reference. It reflects our operational reality. Customers with specific regulatory obligations (large-enterprise GDPR obligations, healthcare data, government contracts) should engage us via email to negotiate a bespoke DPA where required.

1. Definitions

Terms used in this DPA have the meanings given in the GDPR unless otherwise defined. For clarity:

2. Scope & Roles

Under this DPA, Customer is the data controller and Developum is the data processor for Personal Data submitted to the platform. Each party shall comply with its respective obligations under applicable data-protection law.

3. Nature and Purpose of Processing

Developum processes Personal Data solely to provide the EVOLUM service Customer has subscribed to. This includes:

Developum does not use Personal Data for advertising, does not train external AI models on it, and does not sell it.

4. Categories of Data Subjects and Data

Data Subjects

Categories of Personal Data

5. Sub-processors

Customer authorizes Developum to engage the sub-processors listed at /subprocessors to help deliver the service. That list is kept current. Developum will:

6. Security Measures

Developum implements the technical and organizational measures documented in our Security Overview and Trust Center. In summary:

7. Data Subject Requests

Where Customer receives a request from a data subject to exercise their rights (access, rectification, erasure, portability, restriction, objection), Developum will assist Customer to the extent reasonably possible. Customer is responsible for verifying the requestor's identity and responding within regulatory deadlines.

Developum-facilitated requests can be initiated at privacy@developumaiengine.com.

8. Personal Data Breach Notification

Developum will notify Customer without undue delay — and in any event within 72 hours of becoming aware — of any Personal Data Breach affecting Customer's data. The notification will describe the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and the measures taken or proposed to address it.

9. International Transfers

Where Personal Data is transferred outside the EEA, UK, or Switzerland, Developum relies on the Standard Contractual Clauses ("SCCs") published by the European Commission and, for UK transfers, the UK International Data Transfer Addendum, in each case as incorporated by reference into this DPA. Copies available on request.

10. Deletion and Return of Data

Upon termination of the underlying service, Developum will, at Customer's choice, delete or return all Personal Data within 30 days of termination, subject to any legal obligation to retain certain records. Backups containing Customer data are overwritten in the normal rotation cycle (documented in the DR/BCP).

11. Audits

Customer may audit Developum's compliance with this DPA once per calendar year with 30 days' written notice. Developum will provide reasonable access to relevant records, personnel, and facilities, subject to confidentiality. Where Developum has undergone or engages a third-party audit (including future SOC-2 Type II attestation), the resulting report may satisfy this obligation.

12. Contact

For all DPA-related matters, contact privacy@developumaiengine.com.

Questions or requests? Reach us at security@developumaiengine.com for security, compliance, or auditor inquiries. For all other legal questions: hello@developumaiengine.com.