Data Processing Agreement
Last updated: June 1, 2025
Standard DPA
For customers requiring a signed Data Processing Agreement under GDPR Article 28 or DPDP.
Overview of Processing
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Laghav AI ("Data Processor") and you ("Data Controller").
Laghav processes personal data solely to provide the prompt optimization, routing, and analytics services as described in the Terms of Service. Crucially, prompt content is processed ephemerally in-memory and is never stored persistently.
For the duration of the Agreement, until the Data Controller deletes their account or requests erasure.
Employees of the Data Controller (users of the Laghav dashboard) and end-users of the Data Controller whose data may be incidentally included in prompts sent to the Laghav API.
Account information (email addresses), usage metadata (IP addresses, API request logs excluding prompt content). Prompt content may contain any personal data submitted by the Controller, but is never stored by Laghav.
Sub-processors
Laghav engages the following sub-processors to deliver the Service. We maintain written agreements with each, ensuring they offer equivalent data protection standards.
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, database, and infrastructure | India (Mumbai) |
| Cloudflare | CDN, WAF, DNS, Edge computing | Global |
| Anthropic, OpenAI, Google | LLM inference providers (receive compressed prompts only) | USA |
| Resend | Transactional email delivery | USA |
Security Measures
Laghav implements and maintains robust technical and organizational measures to protect Personal Data, including TLS 1.3 encryption in transit, AES-256 encryption at rest, strict access controls, and the fundamental architectural guarantee that prompt content is never persisted to disk. Details are available on our Security page.