This DPA forms part of the Terms of Service and governs personal data processed on your behalf.
Last updated: June 2026
This Data Processing Agreement ("DPA") between Hush Technologies, Inc.("Processor") and the customer ("Controller") supplements the Terms of Service and governs personal data that HushSafe processes on the Controller's behalf in connection with the moderation API.
[Placeholder — replace with your legal team's full DPA text. For enterprise customers requiring a countersigned DPA, contact legal@hushsafe.com.]
HushSafe processes text content submitted to the moderation API on behalf of the Controller. Processing is limited to: analyzing text for moderation decisions, logging request metadata per the Controller's retention settings, and serving correction feedback for active learning (when enabled).
The nature of processing is automated text analysis for content moderation. The purpose is to return moderation decisions (PASS, REVIEW, BLOCK), category scores, and plain-English explanations to the Controller's application.
The Controller determines what data is submitted to the API. Data submitted may include user-generated text that contains personal data (e.g. names, contact details in messages). HushSafe processes this data only to the extent necessary to deliver the moderation result.
HushSafe uses the following subprocessors. We will provide 30 days' notice before adding new subprocessors.
| Subprocessor | Purpose | Region |
|---|---|---|
| Amazon Web Services (AWS) | Infrastructure, compute, storage (S3, SQS, RDS, ElastiCache, Firehose) | US / EU options |
| Supabase | Authentication and identity management | US (AWS us-east-1) |
| Akamai | Edge content delivery, Tier 0 deterministic moderation | Global edge |
| Stripe | Payment processing and billing | US |
HushSafe will assist the Controller in fulfilling data subject rights requests (access, erasure, portability) within 30 days of receiving a documented request. Contact: privacy@hushsafe.com.
HushSafe implements the technical and organizational measures described on the Security page, including encryption at rest and in transit, access controls, audit logging, and incident response procedures.
Enterprise customers requiring a countersigned DPA with custom terms should contact legal@hushsafe.com.