Data Processing Addendum

This page summarises how LLM Metrix, Inc. ("we") processes personal data on behalf of customers ("you") who are subject to the EU/UK General Data Protection Regulation (GDPR). For customers who require a signed Data Processing Addendum (DPA), we make a standalone DPA — incorporating the EU Standard Contractual Clauses where applicable — available on request.

For account and project data you enter into the Service, you act as the data controller and we act as the data processor. We process that data only to provide and support the Service, in accordance with your instructions and our Privacy Policy.

We use a small number of vetted sub-processors to operate the Service — currently Supabase (database and authentication) and Vercel (hosting and privacy-friendly analytics). We will give notice before adding a new sub-processor. The current list is available on request.

We maintain technical and organisational measures appropriate to the risk, including encryption in transit and at rest and role-based access controls, and we assist you in responding to data-subject requests as required by GDPR.

To request our signed DPA, email privacy@llmmetrix.com.