SikloAI
← Home
Data Processing Agreement
Last updated: June 2026
1. Roles
For personal data you and your end users submit to the Service (“Customer Data”), you are the data controller and SikloAI is the data processor, processing Customer Data only to provide the Service and on your documented instructions (including via your use of the product's features and connected integrations).
2. Details of processing
| Subject matter | Provision of the SikloAI platform, agents, and integrations. |
|---|---|
| Duration | For the term of your account, plus the retention/deletion periods below. |
| Nature & purpose | Hosting, processing, retrieving, and transmitting Customer Data to operate your workspaces, agents, and connected apps. |
| Types of data | Account and contact details, workspace content and knowledge documents, end-user chat messages, and any data accessed through integrations you connect. |
| Data subjects | You, your team, and the end users who interact with your assistant or whose data is in your connected apps. |
3. Processor obligations
- Instructions: we process Customer Data only on your instructions and as needed to provide the Service, unless required by law (in which case we'll inform you where permitted).
- Confidentiality: personnel authorized to process Customer Data are bound by confidentiality.
- Security: we maintain appropriate technical and organizational measures — see our Security page (encryption at rest, hashed credentials, tenant isolation, access controls).
- Assistance: taking into account the nature of processing, we will reasonably assist you with data-subject requests and with your security, breach-notification, and impact-assessment obligations.
4. Sub-processors
You authorize us to engage the sub-processors below to provide the Service. We require them to provide protections consistent with this DPA, and will give notice of material changes so you may object on reasonable grounds.
| Sub-processor | Purpose |
|---|---|
| Anthropic | AI model processing (on your own API key) |
| Railway | Application hosting & database |
| Cloudflare | DNS, CDN, and security |
| Lemon Squeezy | Payments & merchant of record |
| Resend | Transactional email delivery (if enabled) |
Third-party apps you choose to connect (e.g., Google, Slack, GitHub, Notion) act under your direction and your agreements with those providers; they are not our sub-processors.
5. Data-subject requests
Where a data subject contacts us directly about Customer Data, we will refer them to you and reasonably assist you in responding. You can access, correct, export, and delete much of your data from the dashboard.
6. Personal data breach
We will notify you without undue delay after becoming aware of a personal-data breach affecting Customer Data, with the information reasonably available to help you meet your notification obligations.
7. Return & deletion
You may delete workspaces (removing their knowledge, usage, and activity) at any time. On account closure, we delete or anonymize Customer Data after a reasonable period, except where retention is required by law.
8. International transfers
Where Customer Data is transferred across borders, we and our sub-processors rely on lawful transfer mechanisms (such as Standard Contractual Clauses) where applicable.
9. Audits
On reasonable request and subject to confidentiality, we will make available information necessary to demonstrate compliance with this DPA.
Contact
Email [email protected].