Skip to content
Legal

Data Processing Agreement

Ensuring compliance and security in how we handle your data.

Effective Date

January 11, 2026

1. Scope and Purpose

This Data Processing Agreement ("DPA") governs the processing of personal data by Eddy's AI Lab ("Processor") on behalf of the customer ("Controller") in connection with the services provided under our Terms of Use. This agreement is intended to ensure compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Data Processing Terms

2.1 Roles of Parties The Customer acts as the Data Controller and Eddy's AI Lab acts as the Data Processor. 2.2 Nature and Purpose Processing operations include the storage, retrieval, and use of personal data necessary to provide educational courses and track student progress. 2.3 Duration The processing will continue for the duration of the customer's account activity.

3. Processor Obligations

We bear the following obligations: • Process data only on documented instructions from the Controller (i.e., you, by using the service). • Ensure that persons authorized to process the personal data have committed themselves to confidentiality. • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

4. Sub-processors

We utilize trusted third-party sub-processors to deliver our services. By using our services, you authorize the engagement of these sub-processors: • Clerk (Authentication) • Vercel (Hosting & Infrastructure) • Stripe/Paystack (Payment Processing) • Resend (Email Communications) • Neon/Supabase (Database Services)

5. Data Subject Rights

We shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR (including access, rectification, erasure, and portability).

6. International Transfers

Data may be processed in countries outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

7. Contact and DPO

For any inquiries regarding data processing or this DPA, please contact our Data Protection Officer (DPO) at: • Email: [email protected] • Address: Nairobi, Kenya