DATA PROCESSING AGREEMENT (DPA)
DATA PROCESSING AGREEMENT (DPA)
Let’s Gen® AI
Let’s Gen Srl
Piazzale Susa 11, 20133 Milan, Italy
Email: hello@letsgen.ai
Last updated: 04-05-2026
1. Subject Matter
This Data Processing Agreement (“DPA”) governs the processing of personal data carried out by Let’s Gen Srl (“Processor”) on behalf of the Customer (“Controller”) in connection with the provision of the Let’s Gen® AI SaaS platform.
This DPA forms an integral part of the Terms of Service.
2. Roles of the Parties
- The Customer acts as Data Controller
- Let’s Gen Srl acts as Data Processor
AI Providers selected by the User are NOT sub-processors of Let’s Gen, but independent third parties chosen directly by the Customer.
3. Nature of the Service (AI Orchestration)
The Let’s Gen® AI platform:
- provides a technical orchestration infrastructure
- does not develop AI models
- does not control AI systems
Any data processing involving AI is carried out through third-party services selected by the Customer.
4. Nature and Purpose of Processing
Let’s Gen processes personal data solely for:
- provision of the SaaS service
- content generation and management
- user and role management
- security and abuse prevention
- logging and auditing
- technical support
- subscription and billing management
5. Types of Personal Data
Processed data may include:
- identification data (name, email)
- technical data (IP address, device, logs)
- content data submitted by Users
- usage data
- API keys (encrypted)
6. Categories of Data Subjects
- Customer’s users
- employees or collaborators of the Customer
- any individuals whose data is included in submitted content
7. Data Flow and AI Providers
When using the Service:
-
The Customer inputs data into the Platform
-
The Platform may transmit such data to selected AI Providers
-
The AI Provider processes the data and returns an output
AI Providers:
- act as independent data controllers
- process data according to their own policies
Let’s Gen does not control such processing activities.
8. Instructions from the Controller
Let’s Gen processes personal data:
- only on documented instructions from the Customer
- only for purposes related to the Service
The Customer is responsible for ensuring the lawfulness of the data submitted.
9. Technical and Organizational Measures
Let’s Gen implements:
- multi-tenant architecture with data isolation
- role-based access control (RBAC)
- API key encryption
- logging and audit trail
- monitoring of suspicious activity
- input sanitization
- secure session management
- backup and disaster recovery
10. Sub-processors
Let’s Gen may engage:
- cloud hosting providers
- Stripe (payment processing)
- email service providers
- security and infrastructure services
All sub-processors are bound by GDPR-compliant agreements.
AI Providers are NOT sub-processors of Let’s Gen.
11. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA):
- Standard Contractual Clauses (SCCs) are used
- or other safeguards under GDPR are applied
12. Data Breach
Let’s Gen shall:
- notify the Customer of any personal data breach without undue delay
- and in any case within 72 hours of becoming aware
13. Assistance to the Controller
Let’s Gen shall assist the Customer in:
- responding to data subject requests
- ensuring compliance with applicable data protection laws
14. Audit Rights
The Customer may request information regarding the security measures adopted by Let’s Gen.
15. Duration
This DPA:
- remains valid for the duration of the Service
- terminates upon termination of the agreement
16. Return or Deletion of Data
Upon termination of the Service:
- personal data may be deleted or returned upon request
- unless retention is required by law
17. Liability
The Customer:
- is responsible for the lawfulness of the data processed
- is responsible for the use of AI Providers
Let’s Gen:
- is responsible only for processing under its control
- is not responsible for processing carried out by AI Providers
18. Changes
This DPA may be updated due to:
- legal or regulatory changes
- technical evolution of the Service
Last updated: 04-05-2026