Data Processing Agreement Template

Template date: 10 May 2026

1. Parties and Roles

The dealer using ChronoAI is generally the controller for buyer, listing, and dealer business data entered into or made available to ChronoAI. Chronoai OÜ acts as processor when it processes that data to provide AI-assisted drafting, account operation, connector pairing, billing state, support, security, and debugging.

2. Subject Matter and Duration

Processing continues for the duration of the dealer's beta account and any limited retention period needed for deletion, security, legal, billing, or audit purposes.

3. Categories of Data

• Dealer account, onboarding, application, approval, and consent data.
• Listing, inventory, pricing, and dealer-edited context.
• Chrono24 thread/message context made available for draft generation.
• Generated drafts, dealer edits, draft status, and usage metadata.
• Connector pairing, extension health, API key metadata, and security logs.
• Billing metadata and subscription status.

4. Processing Instructions

Chronoai OÜ processes data to provide and secure ChronoAI, generate suggested replies for dealer review, operate billing and access checks, support users, debug issues, and comply with lawful obligations. ChronoAI does not send messages automatically.

5. Security Measures

Security measures are proportionate to a controlled beta and include HTTPS, dealer-scoped access controls, session-based authentication, connector API key hashing, limited operator access, operational logging, and separation of billing card handling through Stripe. These measures are not a certification or guarantee of compliance.

6. Subprocessors

Current subprocessors:

• Stripe - payment method collection, subscription management, invoices, and billing portal.
• Anthropic - AI draft generation using dealer-selected or dealer-available context.
• Postmark - transactional email delivery, including login links and account notices.

Chronoai OÜ may update subprocessors as the beta evolves and should notify affected dealers where a material processor change affects their data.

7. Incident Notification

If Chronoai OÜ becomes aware of a confirmed security incident affecting dealer personal data, it will notify the affected dealer without undue delay after initial assessment, provide known facts, and cooperate reasonably with investigation and mitigation.

8. Assistance

Chronoai OÜ will provide reasonable beta-stage assistance for data subject requests, deletion, access, correction, and security questions, taking into account the product's current manual operations and scope.

9. Deletion or Return

At account closure or verified request, Chronoai OÜ will delete or return eligible dealer data where feasible, subject to temporary retention of billing records, security/audit logs, backups, dispute records, and legally required records. More detail is available at /data-deletion.

10. Beta Scope

This template is intentionally scoped to the current controlled beta. It does not include enterprise audit rights, certifications, standard contractual modules, or compliance guarantees that ChronoAI has not implemented.