Data Processing Agreement
This Data Processing Agreement (DPA) forms part of the Terms of Service between InvoHub UAB (“Processor”) and the customer (“Controller”).
Note: This DPA template is based on the EU Standard Contractual Clauses 2021 and will be finalized before public launch.
1. Scope
InvoHub processes personal data on behalf of the Controller solely to provide the InvoHub service as described in the Terms.
2. Roles
- Controller: the customer
- Processor: InvoHub UAB
- Sub-processors: see Sub-processors
3. Subject matter and duration
Processing continues for the duration of the service relationship and ends with account termination, subject to retention periods in the Privacy Policy.
4. Annex I — Description of processing
[Final details: categories of data subjects, categories of personal data, sensitive data, frequency of transfer, nature and purpose of processing.]
5. Annex II — Technical and organizational measures
- AES-256 encryption at rest
- Row-level security (RLS) at the database layer
- EU-only data residency
- Access controls with multi-factor authentication
- Audit logging of all data access
- Regular security assessments
6. Annex III — List of sub-processors
See Sub-processors.
7. Customer obligations
Customer warrants that it has the legal basis to instruct InvoHub to process the personal data submitted to the service.
8. International transfers
Personal data is processed in the EU. Where sub-processors operate outside the EU (e.g. Anthropic in the US), transfers are governed by EU Standard Contractual Clauses 2021.
9. Audits
Customer may request, no more than once per year, evidence of InvoHub’s compliance with this DPA.