Skip to content
Apier

Data Processing Agreement

⚠️ Draft template — not yet legally binding. Every clause below is a placeholder pending review by a Norwegian personvern (data-protection) lawyer. This page is noindex until that review completes. Do not rely on it as an executed agreement.

This Data Processing Agreement (DPA) sets out the terms under which Apier — operated by Grov Digital (org.nr. 833 397 982, a Norwegian enkeltpersonforetak) — processes personal data on behalf of an API consumer under GDPR Article 28. Here Apier is the Processor and the API consumer is the Controller. For how Apier handles personal data as a controller of its own consumer-account data, see /privacy; for the live subprocessor list and infrastructure posture, see /trust.

1. Parties

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

2. Subject matter and duration

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

3. Nature and purpose of processing

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

4. Categories of data subjects and personal data

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

5. Obligations and rights of the Controller

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

6. Subprocessors

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

The current subprocessor list (Supabase — Stockholm, Vercel, Sentry, Resend) with each vendor's region and DPA status is maintained at /trust#subprocessors and in machine-readable form at /.well-known/data-sovereignty.

7. Security measures

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

8. Data subject rights handling

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

9. Return and deletion on termination

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

10. Governing law

[CONTENT REVIEW NEEDED — lawyer sign-off pending]

Intended framework: Norwegian law, including personopplysningsloven (which incorporates the GDPR into Norwegian law). Final wording pending lawyer review.

Draft status: pre-lawyer-review. Questions about a signed DPA for a specific integration: Trust & Data Sovereignty.