• icon
  • Home
  • Data Processing Agreement

Data Processing Agreement

Effective Date: May 24, 2025

This Data Processing Agreement ("DPA") forms an integral part of the Terms of Service ("Agreement") between Bluedot Technology, LLC ("DocuPal," "we," "us," or "our") and you, the user ("Customer," "you," or "your"), governing the use of our AI-assisted document writing tool and related services (the "Service"). This DPA reflects the parties' agreement regarding the processing of Customer Data by DocuPal in connection with the Service.

1. Definitions

  • Customer Data: Means any personal data that DocuPal processes on behalf of Customer in connection with providing the Service, as more particularly described in Section 2.
  • Data Controller: Means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Data Processor: Means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  • LLM Provider: Means the third-party provider of Large Language Model (LLM) APIs used by DocuPal to provide the Service.

2. Scope of Data Processing

  • As part of providing the Service, DocuPal acts as a Data Processor and will process Customer Data on behalf of Customer, who acts as the Data Controller.
  • The scope of data processing under this DPA includes:
    • Processing of Customer Data for Content Generation: This involves sending document content and contextual information (e.g., brand details, document purpose) to third-party LLM Providers via their enterprise APIs to generate AI-assisted drafts, suggestions, and completions. This data may include personal data if you input it into your documents (e.g., names, contact details, job titles, etc.).
    • Storage of Customer Data: We store Customer Data, including generated documents, on our servers to provide the Service.
    • Transmission of Customer Data: We transmit Customer Data internally to provide, maintain, and improve the Service, and externally to LLM Providers and other third-party service providers (e.g., hosting providers) as necessary to deliver the Service.
    • Type of Data: The Customer Data processed may include, but is not limited to: text content of documents, business names, addresses, logos, and other information input by Customer to personalize and generate documents.
    • Categories of Data Subjects: The Customer Data processed may relate to the Customer's employees, clients, customers, or other individuals whose personal data is included in the Customer's documents.
    • Purpose of Processing: The purpose of processing Customer Data is to provide the AI-assisted document writing service, including generating personalized documents, storing data, and providing customer support.

3. Obligations of DocuPal as Data Processor

  • Compliance with Data Protection Laws: DocuPal will process Customer Data in compliance with applicable data protection laws.
  • Instructions: DocuPal will only process Customer Data on documented instructions from Customer (as set out in this DPA and the Agreement), unless required to do so by applicable law. In such a case, DocuPal shall inform Customer of that legal requirement before processing, unless the law prohibits such information on important grounds of public interest.
  • Confidentiality: DocuPal will ensure that persons authorized to process the Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Security: DocuPal will implement and maintain appropriate technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access. These measures will consider the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Details of our security measures are described in our Privacy Policy.
  • Sub-Processors: DocuPal uses third-party LLM Providers to provide the Service.
    • Customer acknowledges and agrees that by using the Service, Customer consents to DocuPal's use of LLM Providers as sub-processors.
    • DocuPal uses enterprise editions of LLM APIs, which have Terms of Service that state that data sent via their APIs will not be used for training their models. While we rely on these commitments, we cannot provide an absolute guarantee that the LLM Providers will not use Customer Data for model training or other purposes.
    • A list of sub-processors currently used by DocuPal can be requested by contacting legal@bluedot.ltd.
  • Data Subject Rights: Taking into account the nature of the processing, DocuPal will assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer's obligation to respond to requests for exercising the data subject's rights laid down in applicable data protection laws (e.g., rights to access, rectification, erasure, restriction of processing, data portability).
  • Assistance with Data Protection Impact Assessments: DocuPal will assist Customer in ensuring compliance with the obligations regarding the security of personal data, notification of personal data breaches to the supervisory authority, communication of personal data breaches to the data subject, and data protection impact assessments, taking into account the nature of processing and the information available to DocuPal.
  • Data Breach Notification: DocuPal will notify Customer without undue delay after becoming aware of a personal data breach affecting Customer Data.
  • Return or Deletion of Data: Upon termination or expiration of the Agreement, DocuPal will, at the choice of Customer, either delete or return all Customer Data to Customer, unless required by applicable law to retain such Customer Data.
  • Audit Rights: Upon Customer's reasonable request and subject to confidentiality obligations, DocuPal will make available to Customer information necessary to demonstrate compliance with the obligations laid down in this DPA, and allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer. Audits must be pre-approved by DocuPal in writing and will be conducted at Customer's expense, during DocuPal's normal business hours, and in a manner that does not disrupt DocuPal's operations.

4. Obligations of Customer as Data Controller

  • Customer is responsible for ensuring that it has a valid legal basis under applicable data protection laws for processing Customer Data and for providing instructions to DocuPal.
  • Customer is responsible for ensuring the accuracy, quality, and legality of Customer Data.
  • Customer is responsible for responding to and fulfilling requests from data subjects exercising their rights under applicable data protection laws.

5. Specific Considerations for LLM Providers

  • Enterprise API Use: DocuPal uses enterprise editions of LLM APIs, which typically have stronger data protection terms than their general-purpose counterparts.
  • No Customer Identification: DocuPal does not flag or tag Customer Data for LLM Providers in a way that directly identifies the Customer.
  • Personal Data Transmission: Due to the nature of the Service, which provides personalized document generation for businesses, it may be necessary for Customer to input personal data into their documents, which is then transmitted to the LLM Providers. Customer acknowledges and accepts this.
  • LLM Provider Policies: DocuPal is not responsible for the data processing practices or policies of the LLM Providers. Customer should review the privacy policies and terms of service of the LLM Providers to understand their practices.

6. Limitation of Liability

The liability of DocuPal under this DPA shall be subject to the limitations of liability set out in the Agreement.

7. Governing Law

This DPA shall be governed by and construed in accordance with the laws of the State of Delaware, USA, without regard to its conflict of law provisions.

8. Term and Termination

This DPA shall become effective as of the Effective Date and shall continue in effect for as long as DocuPal processes Customer Data on behalf of Customer. This DPA shall automatically terminate upon the termination or expiration of the Agreement.

9. Changes to this DPA

DocuPal may update this DPA from time to time. We will notify you of any material changes by posting the new DPA on this page and updating the "Effective Date" at the top. Your continued use of the Service after any such changes constitutes your acceptance of the new DPA.

10. Contact Information

If you have any questions about this DPA, please contact us at:

  • Email: legal@bluedot.ltd