siftq
Sign inStart free
Sign inStart free
DPA

Data Processing Addendum

A conservative overview of SiftQ data processing terms for eligible business customers.

Status of this page

This is a DPA overview and request placeholder. It is not itself a legally binding data processing addendum.

A DPA, retention commitment, transfer mechanism, or security exhibit applies only when included in a signed agreement with an eligible customer.

Roles

Depending on the use case, SiftQ may act as an independent service provider for website operations or as a processor/data intermediary for customer-submitted API data.

Customer-specific role allocation should be confirmed in the applicable agreement, especially where personal data, regulated data, or confidential prompts are involved.

Processing scope

Potential processing may include receiving API queries, routing them to upstream search infrastructure, returning structured results, logging operational metadata, preventing abuse, debugging failures, and maintaining reliability.

Customers should avoid sending secrets, regulated personal data, or confidential customer data unless the signed agreement explicitly covers that use.

Retention and deletion

Default operational retention supports debugging, reliability, analytics, and abuse prevention.

Shorter retention, deletion procedures, or special handling can be reviewed for eligible enterprise customers and must be documented in writing.

Sub-processors and upstream services

SiftQ may rely on infrastructure, hosting, analytics, logging, CDN, and upstream retrieval/search providers to deliver the service.

Provider information should be provided only as part of an enterprise review or signed agreement when available.

Security measures

Current product design keeps browser-facing API calls behind a server-side proxy and avoids exposing upstream API secrets to the client.

Additional security documentation, access controls, SSO, dedicated deployment options, or audit materials should be handled through enterprise review and written agreement.

International transfers

Cross-border processing or transfer mechanisms depend on customer location, deployment choices, and service providers. Any required transfer terms should be agreed in the final DPA or service agreement.

How to request a DPA

The public inbox [email protected] is reserved but not active yet. Until an active contact channel is published, this page should be treated as a placeholder for enterprise DPA review.