Data Processing Agreement
Last updated: March 21, 2026
This Data Processing Agreement ("DPA") forms part of the agreement between Sentinel Alpha ("Processor") and the customer ("Controller") for the use of Caprica Agent Premium services. This DPA applies exclusively to the Premium tier where documents are stored on Sentinel Alpha's managed infrastructure.
This DPA is not applicable to Pro (self-hosted) customers, as no personal data is processed by Sentinel Alpha in that tier.
1. Definitions
- Controller: The customer organization that uploads documents and determines the purpose of processing.
- Processor: Sentinel Alpha, which processes data on behalf of the Controller.
- Personal Data: Any information relating to an identified or identifiable natural person, as defined by GDPR Article 4(1).
- Sub-processor: A third party engaged by the Processor to assist in processing (e.g., LLM providers, hosting providers).
2. Scope of Processing
The Processor processes personal data solely for the purpose of providing the Caprica Agent service:
- Nature: Document storage, text extraction, vector indexing, AI-powered question answering.
- Types of data: Documents uploaded by the Controller (may contain names, contact details, financial data, HR records, or other personal data as determined by the Controller).
- Data subjects: Employees, clients, or other individuals whose data appears in uploaded documents.
- Duration: For the term of the subscription, plus a 30-day export window after termination.
3. Processor Obligations
Sentinel Alpha shall:
- Process personal data only on documented instructions from the Controller.
- Ensure that persons authorized to process data are bound by confidentiality obligations.
- Implement appropriate technical and organizational security measures, including:
- Encrypted connections (TLS/SSL) for all data in transit.
- Access control via authentication tokens (role-based).
- PII detection and redaction before data is sent to LLM providers.
- Tamper-evident audit logging (HMAC-SHA256).
- Server access restricted to SSH key authentication.
- Not access the Controller's documents except for:
- Technical support, when explicitly requested by the Controller.
- Server maintenance and security updates.
- Investigating a security incident.
- Notify the Controller within 72 hours of becoming aware of a personal data breach.
- Assist the Controller with data subject rights requests (access, rectification, erasure, portability).
- Delete or return all personal data within 30 days after termination of the service, unless retention is required by law.
4. Controller Obligations
The Controller shall:
- Ensure a lawful basis exists for processing the personal data uploaded to Caprica Agent.
- Be responsible for the content of uploaded documents and ensuring they do not contain data that should not be processed.
- Manage user access within the Caprica Agent platform (admin tokens, user roles).
- Inform data subjects about the use of AI-assisted document processing where required.
5. Sub-processors
The sub-processors used for your deployment are specified in the service agreement accompanying this DPA. The table below lists the categories of sub-processors that may be engaged. The specific providers and locations for your deployment are confirmed during onboarding.
| Category | Purpose | Data Sent | Typical Location |
|---|---|---|---|
| VPS / Cloud hosting provider | Infrastructure hosting | All stored data (encrypted at rest) | EU (default) |
| LLM provider (e.g. Anthropic, OpenAI, Google) | AI inference | PII-redacted text fragments only | USA / EU |
| Local LLM (e.g. Ollama) | AI inference (if configured) | No data leaves the server | USA / EU |
The Processor will inform the Controller at least 30 days in advance of any intended changes to sub-processors, giving the Controller the opportunity to object.
6. Data Flow
The following data flow applies to Premium tier:
1. Controller uploads document to Caprica Agent
2. Document is stored on the managed server (provider and location as specified in your service agreement)
3. Text is extracted and split into chunks, stored in local vector database
4. When a user asks a question, relevant chunks are retrieved
5. PII firewall scans and redacts personal data from chunks
6. Sanitized text fragments are sent to the configured LLM provider
7. LLM response is returned to the user
8. All actions are logged in tamper-evident audit log
7. International Transfers
When LLM providers outside the hosting region are used, only PII-redacted text fragments are transferred. Full documents and original personal data remain on the managed server. The specific hosting location and LLM providers are documented in your service agreement. Where applicable, LLM providers process data under their own DPAs and Standard Contractual Clauses (SCCs).
8. Audit Rights
The Controller has the right to audit the Processor's compliance with this DPA. Audits may be conducted:
- Upon reasonable notice (minimum 14 days).
- Maximum once per year, unless a data breach has occurred.
- Via the built-in audit log in Caprica Agent (accessible to the Controller's admin).
- Via a written questionnaire or remote inspection.
9. Data Retention & Deletion
- During subscription: Documents and vector data are retained as long as the subscription is active.
- After termination: 30-day export window, then all data is permanently deleted from the VPS.
- Audit logs: Retained for 90 days after termination for compliance purposes, then deleted.
- Backups: Purged within 30 days of data deletion.
10. Governing Law
This DPA is governed by the laws of the Netherlands and the General Data Protection Regulation (GDPR). Any disputes shall be submitted to the competent court in Amsterdam, the Netherlands.
11. Contact
For questions about this DPA or to exercise audit rights:
Sentinel Alpha
Email: info@sentinelalpha.tech
Web: sentinelalpha.tech