KABINET AI
ProductHow It WorksAI KabinetSolutionsPricingResources
Log inTry for Free

Legal & policies

  • Privacy policy
  • Terms of service
  • Acceptable use
  • Cookie policy
  • DPA
  • Sub-processors
  • Accessibility
  • Responsible disclosure

Legal · effective January 1, 2026

Data Processing Agreement

This Data Processing Agreement (DPA) forms part of the Terms of Service between Kabinet AI Ltd. ("Processor") and the customer ("Controller") and governs how we process personal data on your behalf under GDPR / UK GDPR / equivalent laws.

1. Roles

For Customer Content that is personal data, Customer is the Controller and Kabinet is the Processor. For account and billing data we collect directly from Customer, Kabinet is a Controller.

2. Subject matter and duration

Kabinet processes personal data to provide the Service for the duration of the Customer's subscription, and as required by law thereafter.

3. Nature, purpose, and types of data

  • Nature — hosting, analyzing, and generating content based on inputs Customer provides.
  • Purpose — to provide the Service and produce AI-generated outputs on Customer's instructions.
  • Categories of data subjects — Customer's employees, contractors, prospects, customers — anyone whose data Customer chooses to feed into the platform.
  • Types of personal data — names, emails, role titles, business contact information, content of business communications, metadata.

4. Processor obligations

Kabinet will:

  • Process personal data only on Customer's documented instructions.
  • Ensure personnel processing data are bound by confidentiality obligations.
  • Implement appropriate technical and organizational security measures (Annex II).
  • Notify Customer without undue delay (and within 72 hours) of becoming aware of a personal-data breach.
  • Assist Customer in responding to data-subject requests and DPIAs.
  • Delete or return all personal data at the end of the engagement.
  • Make available all information necessary to demonstrate compliance and allow audits.

5. Sub-processors

Customer authorizes Kabinet to engage the sub-processors listed at /legal/sub-processors. Kabinet imposes equivalent data-protection obligations on every sub-processor and remains liable for their acts and omissions. Customer will be notified at least 30 days before any new sub-processor is added.

6. International transfers

Where data is transferred outside the EEA / UK to a country that does not have an adequacy decision, Kabinet relies on the European Commission's Standard Contractual Clauses (2021/914) or the UK Addendum, plus supplementary measures (encryption in transit and at rest, key management).

7. Annex I — Description of processing

See Privacy Policy and the "Information we collect" section for the full description.

8. Annex II — Security measures

  • Encryption of data at rest (AES-256) and in transit (TLS 1.2+).
  • Role-based access control with mandatory multi-factor authentication for all production access.
  • Encrypted, geographically redundant backups with documented recovery procedures.
  • Continuous monitoring, anomaly detection, and audit logging.
  • Annual penetration tests and quarterly vulnerability scans.
  • Regular employee security training and least-privilege provisioning.

9. Liability

The liability provisions of the Terms of Service apply to this DPA and are not increased by it.

10. Signing this DPA

This DPA is incorporated into the Terms of Service. By using the Service you accept it. Customers requiring a counter-signed copy can request one at legal@kabinet-ai.com.

KABINET AI

The AI Operating System for Modern Business. Hire your full company in 60 seconds.

One email per month. Unsubscribe anytime.

Product

  • Overview
  • Product
  • Pricing
  • AI Audit
  • AI Kabinet

Resources

  • Resources
  • Developer Hub
  • API reference
  • Changelog

Company

  • About
  • How it works
  • Solutions
  • Contact
  • Contact sales

Legal

  • Privacy policy
  • Terms of service
  • Acceptable use
  • Cookie policy
  • Data Processing Agreement (DPA)
  • Sub-processors
  • Accessibility
  • Responsible disclosure
All systems operationalSOC 2 in progressGDPR compliantEU & US data residencyEnd-to-end encryptionWCAG 2.1 AA
© 2026 Kabinet AI Ltd. All rights reserved.·Made for founders who'd rather ship than coordinate.