Data Processing Addendum
Last updated: 6 July 2026. This Data Processing Addendum (“DPA”) forms part of the Terms of Service between you (the “Customer”) and Akede. It applies where Akede processes personal data on your behalf and supplements our Privacy Policy. It is designed to satisfy UK GDPR / EU GDPR Article 28 and equivalent laws.
For personal data contained in your workspace (Customer Content — brand data, content you assess, your team, and third-party information you direct us to analyse), you are the controller and Akede is the processor. For Akede’s own account and billing data, Akede is the controller (see the Privacy Policy).
Akede processes personal data only (a) to provide the Service under the Terms, and (b) on your documented instructions (including your configuration and use of the product). Akede will tell you if an instruction appears to breach applicable data-protection law.
Personnel authorised to process Customer Content are bound by confidentiality. Akede maintains technical and organisational measures appropriate to the risk — including encryption in transit (HTTPS/HSTS), hashed credentials, per-tenant isolation, signed httpOnly sessions, security headers, rate limiting, and server-side handling of secrets (Article 32).
You authorise Akede to engage the sub-processors listed at akede.co/subprocessors to help deliver the Service. Akede imposes data-protection obligations on each and remains responsible for their performance. We’ll give notice of new sub-processors and let you object on reasonable data-protection grounds.
Customer Content is sent to our AI sub-processor solely to generate your outputs under enterprise terms and is not used to train shared or public models. Workspace data is isolated per organisation and never shared across tenants.
Where personal data is transferred outside the UK/EEA (or your local jurisdiction), Akede relies on appropriate safeguards such as the Standard Contractual Clauses and the UK International Data Transfer Addendum, together with the relevant sub-processor’s data-processing terms.
Taking account of the nature of processing, Akede will assist you in responding to data-subject requests and in meeting your obligations on security, breach notification and data-protection impact assessments. Akede’s self-serve tools (Settings → Privacy & data) let you export and delete workspace data directly.
Akede will notify you without undue delay after becoming aware of a personal-data breach affecting your Customer Content, with the information you reasonably need to meet your own notification duties.
On termination, or on your request, Akede will delete Customer Content (backups age out on our provider’s cycle), except where retention is required by law — including the 6-year retention of your promotions/audit register described in the Privacy Policy.
Akede will make available information reasonably necessary to demonstrate compliance with this DPA and, on reasonable notice and confidentiality terms, support audits appropriate to the Service.
To countersign a copy for your records, or with questions: legal@akede.co.