Last updated: June 14, 2026 · Version 1.0
We need some account info to run the service — your email, subscription status, that kind of thing. That's personal data under GDPR. This document says what we do with it and who else touches it.
The thing people actually care about: we never see your prompts or completions. Not logged, not stored, not trained on. They live in GPU memory for the duration of a single request and then they're gone. That's covered in section 4, and it's the entire reason people pick us.
All our infrastructure is in the EU. Our sub-processors are listed below. If you need a signed copy, email us.
Controller: you, the customer. You decide why and how personal data gets processed.
Processor: us, AffordableAI. We process personal data on your behalf.
Sub-processor: a third party we hire that also processes personal data.
Personal data: account information needed to provide the service. This means user identifiers, email addresses, API key hashes, subscription status, and billing records. It does not include prompts, completions, or chat history. Those are never stored (see section 4).
This DPA covers the personal data we process while running the inference API service. Processing starts when you create an account and stops when your account is deleted or your subscription ends. After termination, we delete all personal data within 30 days, unless Dutch law says we have to keep billing records longer.
We process personal data for exactly these things and nothing else:
- Authenticating you and managing API access.
- Processing subscription payments and keeping billing records (Dutch tax law requires this).
- Routing requests to the right inference server.
- Tracking aggregated operational metrics: request counts, latency, error rates.
- Detecting abuse to keep the service running for everyone.
We don't use personal data for model training, product improvement, building user profiles, or anything not listed here.
We do not store, log, retain, or otherwise process any of the following:
- Prompts sent to the inference API.
- Completions returned by the model.
- Chat history or conversation content.
- Files, code, documents, or any other content you submit to the model.
Prompts and completions exist only in GPU volatile memory while a request is active. They're discarded the moment the response is returned. No disk writes. No logging. No training. If you send a subject access request, we'll hand over your account data. But there won't be any prompt content in there, because there isn't any.
Everything stays in the EU. Inference runs on GPUs in Finland (Verda) and Germany (Hetzner). Authentication, billing, and monitoring all run in Germany. No personal data moves outside the European Union. No third-country transfers, period.
These are the third parties we use. Every one of them is either EU-based or locks data to EU regions:
| Sub-processor | Purpose | Location |
|---|---|---|
| Clerk, Inc. | User authentication, identity management | EU region (data residency enforced) |
| Mollie B.V. | Payment processing, subscription billing | Netherlands |
| Hetzner Online GmbH | API gateway, monitoring, control plane hosting | Germany |
| Verda Ltd | GPU compute for inference | Finland |
| TransIP B.V. | DNS hosting | Netherlands |
For what it's worth: Verda B300 instances don't persist anything. GPU memory is volatile and SGLang doesn't log inference data. No sub-processor can see your prompts or completions because we never send them those in the first place.
Here's what we do, technically and organizationally:
- TLS for all API and web traffic.
- API keys are stored as SHA-256 hashes; plaintext keys are never written to disk.
- HMAC request signing with replay protection (requests older than 5 minutes are rejected).
- Rate limiting at the gateway.
- No persistent storage of prompts, completions, or conversation content. This is the big one.
- Infrastructure deployed as code (Terraform), so every change is auditable.
- Regular dependency scanning.
- Access to personal data is limited to the founder.
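To make two of those measures concrete, here is an added illustration (not AffordableAI's own gateway code) of how a gateway can look up an API key by its SHA-256 hash and verify an HMAC-signed request while rejecting anything outside the 5-minute window. The canonical string layout, the use of the presented key itself as the HMAC secret, and the sample key and user id are assumptions for the example.

```python
import hashlib
import hmac
import time

REPLAY_WINDOW_SECONDS = 300  # "requests older than 5 minutes are rejected"

# Constructed sample: only the SHA-256 of each issued key is kept server-side.
# The plaintext key is shown to the customer once and never written to disk.
ISSUED_KEY = "ak_live_example_not_a_real_key"  # constructed, not a real key
KEY_TABLE = {hashlib.sha256(ISSUED_KEY.encode()).hexdigest(): "user_123"}


def lookup_user(api_key: str):
    """Resolve a presented key to a user by hashing it; plaintext is never compared or stored."""
    return KEY_TABLE.get(hashlib.sha256(api_key.encode()).hexdigest())


def canonical_string(method: str, path: str, timestamp: int, body: bytes) -> bytes:
    # Assumed canonical form: method, path, unix timestamp and body hash, newline-joined.
    parts = [method, path, str(timestamp), hashlib.sha256(body).hexdigest()]
    return "\n".join(parts).encode()


def sign_request(api_key: str, method: str, path: str, timestamp: int, body: bytes) -> str:
    """Client side: HMAC-SHA256 over the canonical string, keyed with the API key (assumed)."""
    msg = canonical_string(method, path, timestamp, body)
    return hmac.new(api_key.encode(), msg, hashlib.sha256).hexdigest()


def verify_request(api_key, method, path, timestamp, body, signature, now=None):
    """Gateway side: check freshness first, then the key, then the signature in constant time."""
    now = int(time.time()) if now is None else now
    # abs() also rejects timestamps far in the future, which covers clock-skew abuse.
    if abs(now - timestamp) > REPLAY_WINDOW_SECONDS:
        return False, "stale timestamp (replay window exceeded)"
    if lookup_user(api_key) is None:
        return False, "unknown API key"
    expected = sign_request(api_key, method, path, timestamp, body)
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    return True, "ok"
```

A captured request replayed after the window, or with a modified body, fails verification even though the signature itself was genuine.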
If one of your users sends you a GDPR request, we'll help you respond within 30 days. That covers access, rectification, erasure, restriction, and portability. Send those requests to hi@affordableai.eu.
Most subject access requests produce only account and billing data. There's no prompt content to hand over because we don't store any.
If we find out about a personal data breach, we'll tell you within 72 hours. Notifications go to the email on your account.
You can ask us to demonstrate compliance with this DPA. We'll provide a summary of security measures, the sub-processor list (this page is that, basically), and data flow docs if you need them. We don't do on-site audits for self-service customers — the economics don't make sense. Enterprise customers can negotiate separate audit terms.
Liability under this DPA follows the same limits as the Terms of Service.
Questions: hi@affordableai.eu. Enterprise customers can request a countersigned version.