Data Processing Agreement

This Data Processing Agreement (DPA) supplements the Knull Terms of Service and applies whenever Knull (the "Processor") processes personal data on behalf of the customer (the "Controller").

Roles

The Controller determines the purposes and means of processing. Knull, as Processor, processes personal data only on the Controller's documented instructions, as expressed through use of the service and configured authority settings.

Sub-processors

Knull uses a limited set of sub-processors to provide the service: our managed Postgres provider, model providers (OpenAI, Anthropic, Google), Stripe, Resend, and any ad-platform or external API the Controller connects. The current list is available on request and will be kept in a maintained sub-processors register linked from this page when published.

Data subject rights

Knull will assist the Controller in responding to access, correction, deletion and portability requests using the in-product export and deletion tooling. Where assistance beyond the tooling is required, Knull will respond within a reasonable timeframe at no additional cost.

Breach notification

Knull will notify the Controller without undue delay — and in any case within 72 hours of becoming aware — of any personal data breach affecting the Controller's data, with the information needed to meet the Controller's own notification obligations.

International transfers

Where personal data is transferred outside the EEA or UK, the parties rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, as applicable, together with the supplementary measures described in our security documentation.

Signed copy

To request a counter-signed copy of this DPA on Knull letterhead, email legal@knullos.lovable.app with your legal entity name and the contracting Knull plan.