Data Processing Agreement
Parties and roles
The Controller is the SMB owner who uses Brik to build and operate a website. The Processor is Brik, which processes personal data on the Controller's documented instructions under Article 28 GDPR.
Scope and purpose
Brik processes personal data only to provide the service: hosting and operating the website, AI-assisted generation and editing, transactional email, and billing — for the duration of the subscription.
Sub-processors
Brik engages the sub-processors listed on the sub-processor page and gives reasonable prior notice of any intended change.
Security
EU data residency (europe-north1, Finland), encryption in transit (TLS), access control with least-privilege service accounts, and managed secret storage.
International transfers
All sub-processors are EU-resident except Anthropic, PBC (United States), engaged under the EU Standard Contractual Clauses.
Data-subject rights & breach notification
Brik assists the Controller in responding to data-subject-rights requests, notifies the Controller without undue delay of a personal-data breach, and deletes or returns the data on termination.
Contact
This agreement is governed by the laws of Sweden. The full executable agreement is available on request via buildbrik.se.