MeaningStack
The Judgment Gap Insights Steward
Legal

Data Processing Agreement

Terms under which MeaningStack B.V. processes personal data on behalf of a business customer.

Version dpa-2026-06-07 · Effective 7 June 2026 · MeaningStack B.V. (KvK 42064215), Maastricht, Netherlands

This Data Processing Agreement (“DPA”) forms part of the agreement between the customer (“Controller”) and MeaningStack B.V. (“Processor”) for use of the Services, and applies where MeaningStack processes personal data on the Controller’s behalf. It is intended to support compliance with Article 28 of the GDPR.

1. Roles

The Controller determines the purposes and means of processing personal data. The Processor processes that personal data only on the Controller’s documented instructions, including as set out in the agreement and the product documentation.

2. Subject matter and duration

The Processor processes personal data for the duration of the agreement, solely to provide the Services (for example, runtime verification data transmitted through the Steward SDK, and connection metadata for KamiraFlow).

3. Nature and purpose of processing

Processing includes collection, storage, analysis, and generation of indicative signals, alerts, and verification results, as described in the product documentation. The Controller acknowledges that these outputs are decision-supporting and indicative, as set out in the Terms of Service.

4. Categories of data and data subjects

Personal data may include identifiers and professional information relating to the Controller’s personnel, contributors, and the individuals referenced in the data the Controller connects or transmits. The Controller is responsible for ensuring it has a lawful basis to provide such data.

5. Processor obligations

  • Process personal data only on documented instructions from the Controller.
  • Ensure persons authorised to process the data are bound by confidentiality.
  • Implement appropriate technical and organisational security measures.
  • Respect the conditions in Section 6 for engaging sub-processors.
  • Assist the Controller, taking into account the nature of processing, in responding to data subject requests and in meeting its security, breach-notification, and impact-assessment obligations.
  • At the Controller’s choice, delete or return personal data at the end of the services, save where storage is required by law.
  • Make available information necessary to demonstrate compliance and allow for audits, subject to reasonable confidentiality and security conditions.

6. Sub-processors

The Controller authorises the Processor to engage sub-processors (including infrastructure and AI providers) under written terms imposing data-protection obligations comparable to those in this DPA. The Processor remains responsible for its sub-processors’ performance and will inform the Controller of intended changes, allowing the Controller to object on reasonable grounds.

7. International transfers

Where personal data is transferred outside the EEA, the Processor will rely on a recognised transfer mechanism, such as the European Commission’s Standard Contractual Clauses.

8. Security

The Processor maintains technical and organisational measures appropriate to the risk, including access controls, encryption in transit, and tamper-evident records where applicable. The Controller acknowledges that no measures can guarantee absolute security.

9. Personal data breach

The Processor will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller’s data, and will provide information reasonably available to assist the Controller’s obligations.

10. Liability

Liability under this DPA is subject to the limitations and exclusions set out in the agreement and the Terms of Service, to the maximum extent permitted by applicable law.

11. Contact

Data-protection matters: admin@meaningstack.com.

Note: This document is a template and is not legal advice. A DPA has specific legal requirements under GDPR Article 28 and must reflect your actual processing, sub-processors, and security measures. Have it reviewed and completed by qualified counsel, and attach the required annexes (processing details and sub-processor list), before relying on it.

MeaningStack

Scaling organizational judgment for autonomous AI.

Products
  • KamiraFlow
  • Steward
  • Pricing
Resources
  • FAQ
  • Documentation
  • Tools
  • Assessments
Thought Leadership
  • The Judgment Gap
  • Insights
Company
  • About
  • Investors
  • Contact
Legal
  • Privacy
  • Cookie Policy
  • Terms
  • DPA
© 2026 MeaningStack B.V. · Patents pending
Built in the EU