Use your browser's Print → Save as PDF to create a signed PDF copy. To execute this DPA, complete the highlighted fields, sign both copies, and email to security@filtrate.polsia.app.
| Controller ("You") | [Full legal name of Controller], a [entity type, e.g., corporation] incorporated under the laws of [jurisdiction], with its registered address at [address] ("Controller"). |
| Processor ("Filtrate") | Polsia, Inc., a Delaware corporation, operating the Filtrate media compliance API, with its principal address at c/o Polsia, Inc., Delaware, USA ("Processor"). |
| Effective Date | [Date] |
The Processor operates Filtrate, a media compliance API that strips EXIF metadata, compresses images to WebP format, and returns a compliance verdict. The Controller uses the Filtrate API (the "Services") to process images submitted through its platform.
This Data Processing Agreement ("DPA") forms part of the agreement between the parties and establishes the terms under which the Processor will process Personal Data on behalf of the Controller.
The Processor shall process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organisation, unless required to do so by applicable law. In such a case, the Processor shall inform the Controller of that legal requirement before processing, unless prohibited by law on important grounds of public interest.
The subject-matter, duration, nature, purpose, type of Personal Data, and categories of Data Subjects are set out in Annex I to this DPA.
The Processor shall:
The Controller grants general authorisation to the Processor to engage Sub-Processors. The current Sub-Processor list is maintained at https://filtrate.polsia.app/security#sub-processors and is incorporated herein by reference.
The Processor shall: (a) notify the Controller of any intended changes to Sub-Processors (additions or replacements) by updating the Sub-Processor page; (b) impose data protection obligations on each Sub-Processor equivalent to those in this DPA; and (c) remain liable for any Sub-Processor's failure to fulfil its obligations.
Authorised Sub-Processors as of the Effective Date:
| Sub-Processor | Purpose | Location | DPA / Privacy Policy |
|---|---|---|---|
| Render Services, Inc. | Application hosting and compute | USA (AWS us-east-1) | render.com/dpa |
| Neon, Inc. | PostgreSQL database hosting | USA (AWS us-east-1) | neon.tech/privacy |
| Cloudflare, Inc. | Object storage (processed images, CDN) | Global (Cloudflare network) | cloudflare.com/trust-hub |
| OpenAI, L.L.C. | AI content moderation (vision model inference) | USA | openai.com/policies |
| Stripe, Inc. | Payment processing (billing only) | USA | stripe.com/privacy |
| Wildbit LLC (Postmark) | Transactional email | USA | postmarkapp.com/privacy-policy |
Personal Data is currently processed in the United States (AWS us-east-1). Where the Controller is subject to GDPR and transfers Personal Data from the European Economic Area, the parties agree to the EU Standard Contractual Clauses (Module 2: Controller to Processor, Commission Decision 2021/914) which are incorporated herein by reference, and the Processor shall execute any additional SCCs upon request.
Each party shall keep confidential all information received from the other party and shall not disclose it to third parties without the other party's prior written consent, except as required by applicable law or as necessary to perform this DPA.
This DPA shall remain in force for as long as the Processor processes Personal Data on behalf of the Controller under any Service agreement. Termination of the underlying Service agreement automatically terminates this DPA, subject to the survival provisions in Section 5 (deletion/return of data).
Each party's liability under this DPA shall be subject to the limitations of liability set out in the applicable Service agreement between the parties. Where no such agreement exists, each party's aggregate liability shall not exceed USD $10,000.
This DPA is governed by the laws of the State of Delaware, USA, without regard to conflict of law principles, unless a mandatory provision of applicable Data Protection Law requires otherwise.
This DPA may be executed in counterparts. Electronic signatures are accepted.
Processing of image files submitted to the Filtrate API for the purpose of EXIF metadata stripping, WebP compression, and AI content compliance moderation. Processing occurs for as long as the Controller uses the Filtrate API.
The Processor receives image files via HTTPS API call, processes them in-memory (no original bytes are written to disk), strips all EXIF/IPTC/XMP metadata, compresses to WebP format, runs AI moderation, and returns the processed image URL and compliance verdict to the Controller. The original image bytes are discarded upon request completion.
Images submitted by the Controller may contain Personal Data embedded as EXIF metadata (GPS coordinates, device identifiers, timestamps) or visible in the image content (photographs of individuals). Filtrate processes but does not retain the original Personal Data — EXIF metadata is stripped as part of the core service.
End users of the Controller's marketplace platform who have uploaded images; sellers whose product photos are processed through the API.
Filtrate Data Processing Agreement — Standard Template v1.0 — June 2026
For questions: security@filtrate.polsia.app ·
filtrate.polsia.app/security