Data Processing Agreement
Last updated: May 2026
This Data Processing Agreement ("DPA") forms part of the agreement between Nytivo and you ("Customer") and governs the processing of personal data by Nytivo on behalf of the Customer in connection with the Nytivo Service.
1. Definitions
Terms used in this DPA have the meanings given in the General Data Protection Regulation (EU) 2016/679 ("GDPR"). "Customer Data" means personal data submitted to the Service by or on behalf of Customer.
2. Processing of Customer Data
Nytivo will process Customer Data only on documented instructions from the Customer, as set forth in the Terms of Service. Nytivo will not sell Customer Data or use it for its own marketing purposes.
3. Sub-processors
Nytivo uses the following sub-processors to provide the Service:
- Supabase Inc. — Database hosting (EU region)
- Stripe Inc. — Payment processing
- Resend Inc. — Transactional email
- Anthropic PBC — AI document drafting (Business plan only)
4. Security Measures
Nytivo implements appropriate technical and organisational measures to protect Customer Data, including encryption at rest and in transit, access controls, and regular security reviews.
5. Data Subject Rights
Nytivo will assist the Customer in responding to data subject requests within applicable timeframes.
6. Data Transfers
Customer Data is stored in the European Economic Area. Any transfers outside the EEA rely on appropriate safeguards under Article 46 GDPR.
Contact
DPA enquiries: dpa@nytivo.com