Data Processing Agreement · Last updated: April 15, 2026
Who is this document for? This DPA is intended for business customers (data controllers) who use Elric to process personal data relating to their own users, employees, prospects, or customers. It formalizes the controller ↔ processor relationship under GDPR Article 28.
If you use Elric only for your own individual personal data, our Privacy Policy applies. Privacy
Processor: Accelerhate SAS, simplified joint-stock company with share capital of EUR 99 — 31 Rue de la Rive, 44230 Saint-Sébastien-sur-Loire, France — Nantes Trade and Companies Register: 989 119 672 — intra-community VAT: FR18989119672.
Controller: any legal entity that subscribed to Elric and accepted the Terms of Service.
This DPA supplements the Terms of Service and governs Accelerhate’s processing of personal data entrusted to Elric as part of the Service.
It is entered into under Article 28 of Regulation (EU) 2016/679 of April 27, 2016 (GDPR). In case of conflict, this DPA prevails over the Terms for personal-data matters.
The terms “Personal Data”, “Processing”, “Controller”, “Processor”, “Data Subject”, and “Personal Data Breach” have the meanings given by the GDPR.
The Customer agrees not to upload special categories of data under GDPR Article 9, nor data relating to criminal convictions, unless Accelerhate gives prior written agreement.
Accelerhate does not use Customer data to train or fine-tune artificial-intelligence models. Data is sent to third-party AI providers only for real-time inference required by a Customer-initiated request.
The Customer authorizes Accelerhate to use subprocessors required to provide the Service. Accelerhate will inform the Customer of any significant addition or replacement with reasonable prior notice.
| Provider | Purpose | Location |
|---|---|---|
| Supabase Inc. | PostgreSQL database + authentication | EU (eu-west-1, Ireland) |
| Vercel Inc. | Web application hosting | EU / US (edge network) |
| Google LLC | AI inference, OAuth, Google Workspace APIs | US (Data Privacy Framework + SCC) |
| Recall.ai | Online meeting transcription | EU (eu-central-1) |
| Stripe Inc. | Payments and billing | US (PCI DSS + SCC) |
| Resend | Transactional emails | US (SCC) |
In the event of a personal data breach, Accelerhate will notify the Customer as soon as possible and no later than 72 hours after becoming aware of it. The notice will include the nature of the breach, affected data, likely consequences, and proposed remediation measures.
Accelerhate assists the Customer, where possible, in responding to data-subject rights requests. The Customer has self-service tools to export data, delete a workspace, and revoke third-party integrations.
At the end of the service, Accelerhate allows the Customer to export data and then deletes personal data within the applicable timelines, except where legal retention obligations apply. A deletion certificate may be provided on written request.
The Customer may conduct one annual audit with 30 days’ written notice, at its own expense, during business hours, without disrupting the Service, and under strict confidentiality. Accelerhate may provide independent audit reports when available.
When personal data is transferred outside the European Union to a country without an adequacy decision, Accelerhate implements appropriate safeguards, including Standard Contractual Clauses.
The parties’ liability under this DPA applies under the conditions set out in the Terms. Each party remains responsible for non-compliance with its own GDPR obligations.
This DPA takes effect upon acceptance of the Terms and remains applicable throughout the service term and during the period required for effective data deletion.
This DPA is governed by French law and the GDPR. Any dispute falls under the exclusive jurisdiction of the courts within the jurisdiction of the Rennes Court of Appeal.
For any question about this DPA or data protection:
An external DPO may be appointed later if Accelerhate’s processing volume or obligations require it.
jean@elric-ia.com
Accelerhate SAS — 31 Rue de la Rive, 44230 Saint-Sébastien-sur-Loire, France
See also : Terms · Privacy · Legal notice · Security