1. Scope And Incorporation
This Data Processing Addendum ("Addendum") supplements the RemoteGPU Terms of Service, any applicable order form, or another written agreement governing Customer's use of RemoteGPU (the "Agreement").
This Addendum applies only when RemoteGPU processes Customer Personal Data on behalf of Customer through the services. It does not apply to account, billing, security, support, usage, or administrative data that RemoteGPU processes as an independent controller, which is described in the RemoteGPU Privacy Policy.
2. Definitions
"Customer" means the person or organization using the services under the Agreement. "Customer Personal Data" means personal data included in Customer Content that RemoteGPU processes on Customer's behalf. "Customer Instructions" means the Agreement, this Addendum, Customer's configuration of the services, Customer's use of APIs and console controls, support requests, and other written instructions accepted by RemoteGPU.
"Data Protection Laws" means privacy, data protection, and data security laws that apply to the processing of Customer Personal Data. "Process" and "processing" have the meanings given under applicable Data Protection Laws.
3. Roles And Customer Instructions
As between the parties, Customer is the controller, business, or equivalent party that determines the purposes and means of processing Customer Personal Data. RemoteGPU is the processor, service provider, or equivalent party that processes Customer Personal Data on Customer's behalf.
RemoteGPU will process Customer Personal Data only to provide, secure, troubleshoot, support, and maintain the services; comply with applicable law; enforce the Agreement; and follow Customer Instructions. Customer is responsible for ensuring that Customer Instructions are lawful.
4. Details Of Processing
The following details describe RemoteGPU's processing of Customer Personal Data under this Addendum.
| Processing Detail | Description |
|---|---|
| Subject matter | RemoteGPU's provision of cloud GPU, hosted application, inference, Kubernetes, storage, networking, billing, support, and related services to Customer. |
| Duration | For the term of Customer's use of the services, plus the period required to delete, return, secure, or retain Customer Personal Data under the Agreement, this Addendum, service lifecycle, or applicable law. |
| Nature and purpose | Hosting, processing, transmitting, storing, securing, monitoring, troubleshooting, supporting, and deleting Customer Personal Data as needed to provide the services and follow Customer Instructions. |
| Categories of data | Personal data that Customer or its users submit, generate, store, or run through RemoteGPU services, including data in prompts, inputs, outputs, files, images, models, workloads, volumes, logs, artifacts, support diagnostics, and hosted application workspaces. |
| Data subjects | Individuals whose personal data is included in Customer Personal Data, such as Customer's users, employees, contractors, representatives, end users, customers, or other individuals determined by Customer. |
5. Customer Responsibilities
Customer is responsible for:
- Providing all required notices and obtaining all rights, permissions, consents, and lawful bases needed to submit Customer Personal Data to RemoteGPU.
- Determining whether the services are appropriate for Customer Personal Data and Customer's compliance obligations.
- Configuring workloads, storage, networking, access controls, API keys, credentials, environment variables, and secrets securely.
- Avoiding submission of protected health information, payment card data requiring PCI DSS controls, government identifiers, or other regulated data unless a separate written agreement expressly permits that use.
6. RemoteGPU Responsibilities
RemoteGPU will:
- Process Customer Personal Data in accordance with Customer Instructions and this Addendum.
- Require personnel who process Customer Personal Data to be subject to confidentiality obligations.
- Maintain technical and organizational measures designed to protect Customer Personal Data against unauthorized access, disclosure, alteration, and destruction.
- Provide reasonable assistance, taking into account the nature of the processing and information available to RemoteGPU, to help Customer meet applicable data protection obligations.
7. Security Measures
RemoteGPU maintains security measures designed for the nature of the services and the risks of processing Customer Personal Data. These measures may vary by service, resource, feature, and account configuration.
| Measure Area | Description |
|---|---|
| Access controls | Controls designed to limit access to systems and Customer Personal Data to authorized personnel, services, and subprocessors with a need to access them. |
| Transport protection | Use of encryption or comparable safeguards for transmission of Customer Personal Data over public networks where appropriate. |
| Monitoring and logging | Operational logging, abuse detection, security monitoring, and incident response processes designed to protect service integrity. |
| Personnel controls | Confidentiality obligations and access practices for personnel who may access Customer Personal Data to provide, secure, or support the services. |
| Resilience and deletion | Backup, recovery, retention, and deletion practices designed for the applicable resource, workspace, job, volume, log, backup, or account lifecycle. |
8. Security Incidents
"Security Incident" means a confirmed breach of RemoteGPU security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data. Security Incidents do not include unsuccessful attempts or activities that do not compromise Customer Personal Data, such as unsuccessful login attempts, pings, scans, or denial-of-service attempts.
RemoteGPU will notify Customer without undue delay after becoming aware of a Security Incident and will provide information reasonably available to RemoteGPU to help Customer meet applicable breach notice obligations.
9. Subprocessors
Customer authorizes RemoteGPU to use subprocessors to provide, secure, support, and maintain the services. Subprocessors may include providers for infrastructure, hosting, identity, authentication, payments, security, monitoring, analytics, communications, and customer support.
RemoteGPU will impose data protection obligations on subprocessors that are materially consistent with this Addendum and will remain responsible for subprocessors' processing of Customer Personal Data as required by applicable Data Protection Laws. Customers may request current subprocessor information at [email protected].
10. Data Subject Requests
Customer is responsible for responding to requests from data subjects relating to Customer Personal Data. RemoteGPU will provide reasonable assistance, to the extent Customer cannot access the relevant Customer Personal Data through the services and the request is required by applicable Data Protection Laws.
If RemoteGPU receives a data subject request that identifies Customer and relates to Customer Personal Data, RemoteGPU may direct the requester to Customer unless applicable law requires otherwise.
11. Return And Deletion
Customer may delete Customer Personal Data using the service controls made available by RemoteGPU. After termination or expiration of the Agreement, RemoteGPU will delete or return Customer Personal Data in accordance with the applicable service lifecycle, this Addendum, the Agreement, and applicable law.
Some Customer Personal Data may remain in backups, logs, security records, abuse records, billing records, or legal records for a limited period where deletion is technically impractical, where the data is retained under ordinary lifecycle controls, or where retention is required to comply with law, resolve disputes, enforce agreements, or protect the services.
12. International Transfers
RemoteGPU is based in the United States, and Customer Personal Data may be processed in the United States and other locations where RemoteGPU or its subprocessors operate.
If Data Protection Laws require a specific transfer mechanism, transfer annex, or additional transfer terms for Customer Personal Data, RemoteGPU and Customer will cooperate in good faith to implement an appropriate transfer mechanism through a separate written agreement or addendum where required.
13. California Service Provider Terms
To the extent the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to RemoteGPU's processing of Customer Personal Data, RemoteGPU will process Customer Personal Data as a service provider or processor on Customer's behalf.
RemoteGPU will not sell or share Customer Personal Data, retain, use, or disclose Customer Personal Data for a commercial purpose other than the business purposes described in the Agreement and this Addendum, or retain, use, or disclose Customer Personal Data outside the direct business relationship between Customer and RemoteGPU, except as permitted by applicable law.
14. Audits And Information
RemoteGPU will make information reasonably necessary to demonstrate compliance with this Addendum available to Customer upon reasonable written request and subject to confidentiality, security, and access restrictions. If applicable Data Protection Laws require an audit, Customer and RemoteGPU will cooperate in good faith on a reasonable audit process that avoids compromising security, confidentiality, operations, or other customers' data.
15. Changes To This Addendum
RemoteGPU may update this Addendum from time to time. When changes are made, RemoteGPU will update the last updated date above. If changes are material, RemoteGPU may provide additional notice through the website, console, email, or other reasonable means.