Data Processing Agreement
The DPA that governs how Keel processes personal data on your behalf.
The Keel DPA is a standalone document that supplements your Master Service Agreement. It covers your role as controller, our role as processor, the lawful basis for transfers, the EU Standard Contractual Clauses, the UK addendum, and the technical and organizational measures we apply to your data.
This page summarizes the DPA structure for review. The executable DPA is drafted and reviewed by counsel and made available on request. Bracketed placeholders are filled in at first publication.
How to obtain and sign the DPA
The DPA is available in two formats. Most customers use the countersigned PDF; we attach it to the MSA at signature. Customers who prefer to use their own DPA template are welcome to send it for review; we accept reasonable redlines that preserve the substantive protections below.
- PDF: Standard Keel DPA
Pre-countersigned by Keel. You sign and return; effective on countersignature.
Available on request from hello@keelflow.ai
- Process: Customer DPA template
Send to legal@keelflow.ai. We respond with redlines within 5 business days.
Subject to review of substantive terms
What the DPA covers
The Keel DPA has eight sections plus annexes. Section summaries below are not the operative text; the operative text is in the executable PDF. Send a request to hello@keelflow.ai for the latest version.
Roles and scope
Defines the customer as controller, Keel as processor, and the scope of personal data covered by the DPA. The DPA applies to all personal data Keel processes in connection with the platform and the underlying agreement.
Subject matter, duration, nature, and purpose
Describes the processing: subject matter is the personal data uploaded or generated through the platform; duration is the term of the agreement plus retention periods; nature is hosting, storage, and processing necessary to deliver Keel; purpose is delivering the platform and improving operational reliability.
Confidentiality and personnel
Personnel with access to customer data are bound by confidentiality obligations and complete background checks and security training. Access is limited to those with a need-to-know.
Sub-processors
The current list is at /sub-processors. Customers receive at least 30 days' notice of any new sub-processor through in-product announcement and email to designated contacts. Customers may object on reasonable data-protection grounds.
Security measures
Annex II of the DPA documents the technical and organizational measures Keel applies. Headline measures: encryption at rest and in transit, region-pinned data residency, role-based access control, audit logging, vulnerability management, and incident response. Full list in the executable DPA.
Data subject requests
Keel assists the customer in fulfilling data subject rights requests (access, rectification, erasure, restriction, portability, objection). For requests where the customer is the controller, Keel forwards the request to the customer and supports fulfilment.
Personal data breach notification
Keel notifies the customer without undue delay (and within 72 hours of confirmation, in line with GDPR Article 33 standards) of a personal data breach affecting customer data, including the information required by GDPR Article 33.
International transfers
Where personal data is transferred outside the EEA, UK, or Switzerland to a country without an adequacy decision, the DPA incorporates the EU Standard Contractual Clauses and the UK Addendum. Module Two (controller-to-processor) applies between customer and Keel; Module Three (processor-to-processor) applies between Keel and its sub-processors.
Annex I: list of parties and processing
Customer details, Keel details, categories of data subjects, categories of personal data, sensitive data (if any), frequency of transfer, nature and purpose of processing, period of retention, and competent supervisory authority.
Annex II: technical and organizational measures
Pseudonymization and encryption, ongoing confidentiality, integrity and availability, restoration of availability, regular testing and evaluation, identification and authorization, data minimization, data quality, accuracy, storage limitation, transmission security, transport security, retrieval security, separation control, instruction control, deletion of personal data.
Annex III: sub-processors
Live list maintained at /sub-processors. The DPA references this URL so customers always see the current list.
Retention summary
Default retention per data class. Customers can configure overrides within tier-permitted bounds. The full retention table is in the DPA Annex.
| Data class | Default retention | Notes |
|---|---|---|
| Operating data (Accounts, Opportunities, Activities) | Indefinite while Workspace active | Customer-configurable on enterprise tier |
| Audit log | 7 years | Customer-configurable on enterprise tier |
| LLM interaction payloads | 12 months | Customer-configurable on enterprise tier |
| Transcripts (R2) | 12 months | Customer-configurable on enterprise tier |
| Outbound system email | 6 months | Not customer-configurable |
| Closed Workspace data | 90 days then hard delete | Extendable on request |
| Aggregate metrics (Scorecard, ritual briefs) | Indefinite | Cannot identify individuals |
Right to erasure
GDPR right-to-erasure on a single Person or User triggers a 14-day soft-delete confirmation window during which an admin can cancel the request. After the window, hard delete runs as a scheduled job. PII in the audit log is replaced with a tombstone reference. Aggregate Pattern Library data is unaffected because it is already de-identified at the source.
Where the customer is the controller, the data subject's request is forwarded to the customer for fulfillment; Keel assists in execution.
DPA versioning
The DPA carries a version (for example, DPA-v2.1). When we materially update the DPA, customers are notified in-product and by email; re-acceptance is required within 30 days. Re-acceptance is logged with version, timestamp, and accepting user.
The current DPA version is [Set on first publish]. Customers signed against an earlier version stay on that version until re-acceptance.
Contact
For DPA requests, customer template review, or questions about the substantive terms, write to hello@keelflow.ai or legal@keelflow.ai.