Back to home

Data Processing Addendum

For customers subject to the EU/UK GDPR and similar laws.

Effective June 7, 2026 · Amino Stack IQ · 915 Cimarron Circle, Bradenton, FL 34209, USA

Template document. This is a tailored draft prepared for Amino Stack IQ. Review with qualified counsel before relying on it for any production use.

This Data Processing Addendum ("DPA") forms part of the agreement between the customer ("Controller") and Amino Stack IQ ("Processor") and reflects the parties' agreement on the processing of Personal Data as defined by Regulation (EU) 2016/679 and the UK GDPR.

1. Roles

Controller determines the purposes and means of processing. Processor processes Personal Data only on documented instructions from Controller, including those in the agreement and through Controller's use of the Services.

2. Subject matter, duration, nature & purpose

  • Subject matter: provision of the Amino Stack IQ platform.
  • Duration: for the term of the agreement and any post-termination retention period.
  • Nature & purpose: hosting, processing, transmitting, and supporting Customer Data to deliver the Services.
  • Categories of data subjects: Controller's personnel, end users, and (for clinics) patients.
  • Categories of data: account, business, and clinical/operational data as described in the Privacy Policy and Clinic Privacy Notice.

3. Sub-processors

Controller authorizes Processor to engage the sub-processors listed in our current sub-processor list (available from support@aminostackiq.com). Processor will give reasonable notice of changes and provide a mechanism to object.

4. International transfers

Where Personal Data is transferred outside the EEA/UK, the parties incorporate the applicable Standard Contractual Clauses (Module Two — Controller to Processor) and the UK International Data Transfer Addendum, completed with the information in this DPA.

5. Security

Processor maintains the technical and organizational measures described in the Privacy Policy and Compliance page, including encryption in transit and at rest, role-based access control, audit logging, and incident response.

6. Data subject requests

Processor will, taking into account the nature of the processing, assist Controller by appropriate technical and organizational measures, insofar as possible, in fulfilling Controller's obligation to respond to data subject requests.

7. Personal data breach

Processor will notify Controller without undue delay after becoming aware of a Personal Data Breach and will provide information reasonably required for Controller's notification obligations under Articles 33–34 GDPR.

8. Deletion & return

At the end of the Services, Processor will, at Controller's choice, delete or return Personal Data and delete existing copies unless retention is required by law.

9. Audits

Processor will make available information necessary to demonstrate compliance, including third-party audit reports under NDA. On-site audits will be conducted only on reasonable prior notice, no more than once per year, and at Controller's expense, subject to confidentiality and security requirements.

10. Order of precedence

In the event of conflict, this DPA controls over the agreement with respect to processing of Personal Data subject to GDPR/UK GDPR.

11. Contact

Data Protection contact: support@aminostackiq.com. Amino Stack IQ, 915 Cimarron Circle, Bradenton, FL 34209, USA.