Template pending legal review. This DPA is a plain-English starting point. It is not a legally binding contract in its current form. Customers requiring an executed DPA should contact us at hello@tokenpak.ai — legal review and a counterparty signature round will finalize the binding version.

Data Processing Agreement (template)

Last updated: 2026-04-23 (draft).

1. Parties + roles

Customer (Data Controller) — the party that installs or uses TokenPak in connection with Personal Data.

TokenPak (Data Processor) — Kevin Yang, sole proprietor, operating the TokenPak open-source project and commercial Pro tier under the TokenPak brand (hello@tokenpak.ai). Processor only where TokenPak actually processes Customer Personal Data on Customer's behalf, which under the default deployment is none — see §3.

2. Scope

This DPA covers Personal Data that flows through TokenPak infrastructure as part of Pro-tier services (license server, private package index, portal). It does not apply to the OSS local proxy, which runs entirely on the Customer's infrastructure and processes data only on the Customer's own machines.

3. Data categories

OSS local proxy (default deployment): TokenPak does not receive or process Customer Personal Data. All processing occurs on the Customer's machine. TokenPak is out-of-scope as a Processor for this deployment.
Pro-tier license verification: license tokens, an account identifier (email address), and billing metadata (via Stripe — see Sub-processors).
Pro-tier package distribution: license token presented to pypi.tokenpak.ai to authorize downloads. No prompt, response, or business content crosses this boundary.

4. Purpose limitation

Processor may Process Personal Data only to: (a) deliver the Pro-tier service the Customer purchased, (b) verify license validity, and (c) fulfill legal obligations. Processor shall not use Personal Data for marketing, research, training, or any purpose not expressly authorized.

5. Sub-processors

A current list of Sub-processors is maintained at /compliance/sub-processors. Processor will give Customer at least 30 days' advance notice of any new Sub-processor via that page; Customer may object in writing.

6. Security measures

License tokens at rest: RSA-signed; stored with mode 0600 on the Customer's machine.
In-transit: TLS 1.2+ for license server and package-index traffic.
Operational access: limited to the Processor principal; no shared staff.

7. Data subject rights

Processor will assist Customer in responding to data-subject access, rectification, erasure, or portability requests that relate to Processor-held Personal Data (license tokens + account email) within a reasonable time and at no additional cost, except for fulfillment of requests that are manifestly unfounded or excessive.

8. Breach notification

Processor will notify Customer without undue delay (target: 72 hours) of any Personal Data Breach affecting the Pro-tier services, describing the nature of the breach, data categories and approximate counts affected, likely consequences, and remediation steps.

9. Data transfer, retention, deletion

Processor stores license tokens and account emails for the duration of the active subscription plus a 30-day wind-down window.
Upon account termination, Processor will delete all Customer Personal Data within 30 days, excluding anonymized aggregates (counts of issued licenses) and records legally required to be retained.
International transfers: see Sub-processors for jurisdictions.

10. Audit

Customer may request an audit of Processor's compliance with this DPA, limited to once per year and 30 days' notice, subject to reasonable confidentiality terms.

11. Conflict

In the event of conflict between this DPA and any other agreement, this DPA governs the Processing of Personal Data.

Questions or to execute a binding DPA: hello@tokenpak.ai.