HomeData Processing Agreement

Data Processing Agreement

This DPA forms part of the Terms of Service and governs personal data processed on your behalf.

Last updated: June 2026

This Data Processing Agreement ("DPA") between Hush Technologies, Inc.("Processor") and the customer ("Controller") supplements the Terms of Service and governs personal data that HushSafe processes on the Controller's behalf in connection with the moderation API.

[Placeholder — replace with your legal team's full DPA text. For enterprise customers requiring a countersigned DPA, contact legal@hushsafe.com.]

1. Subject Matter

HushSafe processes text content submitted to the moderation API on behalf of the Controller. Processing is limited to: analyzing text for moderation decisions, logging request metadata per the Controller's retention settings, and serving correction feedback for active learning (when enabled).

2. Nature and Purpose of Processing

The nature of processing is automated text analysis for content moderation. The purpose is to return moderation decisions (PASS, REVIEW, BLOCK), category scores, and plain-English explanations to the Controller's application.

3. Types of Personal Data

The Controller determines what data is submitted to the API. Data submitted may include user-generated text that contains personal data (e.g. names, contact details in messages). HushSafe processes this data only to the extent necessary to deliver the moderation result.

4. Subprocessors

HushSafe uses the following subprocessors. We will provide 30 days' notice before adding new subprocessors.

SubprocessorPurposeRegion
Amazon Web Services (AWS)Infrastructure, compute, storage (S3, SQS, RDS, ElastiCache, Firehose)US / EU options
SupabaseAuthentication and identity managementUS (AWS us-east-1)
AkamaiEdge content delivery, Tier 0 deterministic moderationGlobal edge
StripePayment processing and billingUS

5. Data Subject Rights

HushSafe will assist the Controller in fulfilling data subject rights requests (access, erasure, portability) within 30 days of receiving a documented request. Contact: privacy@hushsafe.com.

6. Security Measures

HushSafe implements the technical and organizational measures described on the Security page, including encryption at rest and in transit, access controls, audit logging, and incident response procedures.

7. Enterprise DPA

Enterprise customers requiring a countersigned DPA with custom terms should contact legal@hushsafe.com.