Data Processing Addendum
Last updated: April 18, 2026
This Data Processing Addendum ("DPA") forms part of the Terms of Service between Quantum AI WebApps Digital LLC ("Processor", "we") and the customer ("Controller", "you") using QuantumRepair (the "Service"). It applies where we process Personal Data on your behalf.
1. Roles
You are the Controller of Personal Data you input into the Service about your customers, employees, and other individuals. We are the Processor acting on your documented instructions.
2. Subject matter and duration
We process Personal Data to provide the Service for the duration of your subscription and for 30 days after termination to allow export. Categories: identification (name/email/phone), device data (IMEI, serial), financial (invoices, payments — no PAN stored by us), behavioral (tickets, comms history), and, where you choose to upload them, ID documents for buyback compliance.
3. Sub-processors
We use the following sub-processors. You authorize their use by accepting this DPA. Current list:
- Amazon Web Services (US) — hosting, storage
- Stripe (US) — billing you for the subscription
- SendGrid / Twilio SendGrid (US) — transactional email
- Twilio (US) — SMS and voice (when you configure your keys)
- Anthropic (US) — AI features (inputs processed per your commands)
- Sentry (US) — error monitoring
- Cloudflare (US) — CDN, WAF, DDoS
We will notify you 14 days before adding a new sub-processor so you may reasonably object.
4. Security
We maintain appropriate technical and organizational measures including: TLS 1.2+ in transit, AES-256-GCM for sensitive fields at rest, least-privilege access, audit logging, 2FA for employee access, regular backups, quarterly penetration tests, dependency vulnerability scanning, and incident response procedures.
5. International transfers
For transfers from the EU/UK/Switzerland, we rely on the Standard Contractual Clauses (Commission Implementing Decision 2021/914) and the UK Addendum, incorporated by reference.
6. Breach notification
We will notify you without undue delay and no later than 72 hours after becoming aware of a Personal Data breach affecting your data, along with the information required under Article 33 GDPR.
7. Data subject requests
We will assist you in responding to requests from data subjects (access, rectification, erasure, restriction, portability) by providing tools within the Service (CSV export, delete account) or on reasonable written request.
8. Return or deletion
On termination or written request, we will return or delete all Personal Data processed on your behalf within 30 days, except where retention is required by law (billing records for 7 years).
9. Audits
You may request a summary of our current security controls once per year. On-site audits require mutual agreement and cost reimbursement.
10. Liability
Each party's liability under this DPA is subject to the limitations set forth in the Terms of Service.
11. Governing law
This DPA is governed by the laws specified in the Terms of Service.
Questions: privacy@quantumrepair.app