Glossary
GDPR DPA
Article 28 contract between data controller and processor under GDPR.
A Data Processing Addendum, mandated by GDPR Article 28, contractually binds the processor (the LLM provider) to the controller (you) on how personal data is handled. Required for any production traffic touching EU residents' data.
See also
-
HIPAA BAAContract that lets U.S. healthcare entities send Protected Health Information to vendors.
-
Data residencyWhere your prompt + completion data physically lives at rest and in transit.
-
Zero retentionProvider configuration where prompts/completions are not stored beyond the immediate request.