Data Processing Agreement
Effective date: April 12, 2026
This DPA supplements the Terms of Service and Privacy Policy and applies to customers who need a data processing agreement for their own compliance requirements.
1. Parties and Definitions
- "Controller" — You, the customer, who determines the purposes and means of processing personal data
- "Processor" — GIGDATA LLC (operating as SiteDialect), which processes data on your behalf
"Personal Data" means any information relating to an identified or identifiable natural person, as defined by applicable data protection law.
2. Scope and Purpose of Processing
SiteDialect processes data on your behalf for:
- Translating your website content via AI when visitors select a language
- Caching translated content for performance
- Managing your subscription and billing
- Providing account authentication and dashboard access
Categories of Data Processed
| Category | Data Elements | Retention |
|---|---|---|
| Account data | Name, email, hashed password | Until account deletion + 30 days |
| Login history | IP address, timestamp, success/failure | 12 months |
| Website content | HTML pages crawled from your site for translation | Until site removed or account deleted |
| Translated content | AI-generated translations cached on our servers | Until site removed or account deleted |
| Payment data | Stripe customer/subscription IDs (no card numbers) | Until account deletion |
| Visitor data | None — we do not track or identify your website visitors | N/A |
3. Processor Obligations
GIGDATA LLC shall:
- Process personal data only on documented instructions from the Controller
- Ensure authorized persons are bound by confidentiality obligations
- Implement appropriate technical and organizational security measures
- Notify the Controller before adding new sub-processors
- Assist the Controller in responding to data subject rights requests
- Delete or return all personal data upon service termination
4. Sub-Processors
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Email, payment details | United States |
| Anthropic PBC | AI translation generation | Website HTML content (no PII) | United States |
| Cloudflare, Inc. | CDN and security | Request metadata | Global |
| Contabo GmbH | Infrastructure hosting | All data at rest | United States |
We will notify active subscribers by email at least 14 days before adding a new sub-processor. If you object, you may terminate your subscription before the change takes effect.
5. Security Measures
- Encryption in transit: HTTPS/TLS on all connections
- Access control: SSH key-based authentication, no shared credentials
- Password security: Werkzeug/bcrypt hashing with per-user salts
- Network security: Firewall rules (nftables), Cloudflare WAF
- Content Security Policy: Strict CSP headers on all pages
- Session security: HttpOnly, SameSite=Lax, Secure cookies; 7-day expiry
- CSRF protection: Token-based CSRF on all POST endpoints
6. Data Breach Notification
In the event of a personal data breach, we shall:
- Notify the Controller within 72 hours of becoming aware
- Provide details: nature, categories of data, approximate records, likely consequences, remediation measures
- Cooperate in investigating and remediating the breach
7. Data Subject Rights
We will assist in fulfilling requests for access, rectification, erasure, portability, and restriction. Requests: privacy@sitedialect.com, response within 15 business days.
8. Visitor Privacy
SiteDialect does not collect, store, or process any personal data about your website's visitors. The translation widget makes API calls to our servers using only the page URL and requested language — no visitor IP addresses, cookies, or identifiers are stored by SiteDialect.
9. International Data Transfers
All data processing occurs within the United States. For GDPR transfer mechanisms, contact us to discuss Standard Contractual Clauses.
10. Audit Rights
Upon reasonable written request (no more than once per year), you may request information about our data processing practices. We will respond to audit questionnaires within 30 business days.
11. Term and Termination
This DPA is effective for the duration of your subscription. Upon termination, account data is deleted within 30 days, cached translations are purged, and the widget stops serving translations.
12. Contact
GIGDATA LLC
25422 Trabuco Rd STE 184
Lake Forest, CA 92630
privacy@sitedialect.com