Data Processing Agreement (DPA)
Last Updated: March 20, 2026
This DPA governs how LowCodeApps processes personal data on behalf of customers using the Service.
1. Purpose and Scope
This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Controller") and LowCodeApps ("Processor") where Processor processes personal data on behalf of Controller in connection with the Service.
2. Roles of the Parties
Controller determines the purposes and means of processing of Customer Personal Data. Processor processes Customer Personal Data on behalf of Controller and in accordance with Controller's documented instructions, this DPA, and applicable law.
3. Subject Matter and Duration
The subject matter of processing is the provision of the Service. Processing continues for the duration of the applicable service agreement, unless earlier terminated in accordance with that agreement or this DPA.
4. Nature and Purpose of Processing
Processing may include collection, storage, organization, structuring, retrieval, consultation, use, transmission, analysis, deletion, and other operations necessary to provide, secure, support, and maintain the Service.
5. Categories of Data and Data Subjects
Customer Personal Data may include account details, contact information, device and log data, support communications, prompts, files, application data, and any personal data submitted by Controller through the Service. Data subjects may include Controller personnel, end users, customers, contractors, or other individuals whose personal data is processed through the Service.
6. Processor Obligations
- Process Customer Personal Data only on documented instructions from Controller, unless otherwise required by law
- Ensure persons authorized to process Customer Personal Data are bound by confidentiality obligations
- Implement appropriate technical and organizational security measures
- Assist Controller with data subject requests and compliance obligations where reasonably required
- Notify Controller of a personal data breach without undue delay after becoming aware of it
7. AI-Specific Processing Terms
Where Controller uses AI-enabled features, Processor may process prompts, files, contextual content, outputs, and related metadata to provide and secure those features.
- Processor will process AI-related Customer Personal Data only as necessary to provide the Service, maintain security, prevent abuse, and comply with law.
- Unless expressly agreed in writing or disclosed in service documentation accepted by Controller, Processor will not use Customer Personal Data from paid workspaces to train generalized models for third-party products.
- Controller remains solely responsible for assessing whether AI features are appropriate for its use case and whether additional notices, consents, or impact assessments are required.
- Controller is responsible for reviewing any AI-generated output before using it in production or making decisions affecting individuals.
8. Subprocessors
Controller authorizes Processor to engage subprocessors to provide parts of the Service, including hosting, storage, support, analytics, communications, payments, and AI or inference providers. Processor will impose data protection obligations on subprocessors that are materially no less protective than those in this DPA.
9. International Transfers
Where Customer Personal Data is transferred internationally, Processor will implement appropriate safeguards as required by applicable data protection law, including Standard Contractual Clauses where appropriate.
10. Security Measures
Processor will maintain reasonable technical and organizational measures designed to protect Customer Personal Data, which may include access controls, encryption in transit where appropriate, logging, monitoring, backup practices, and environment segregation appropriate to the Service.
11. Assistance and Audits
Taking into account the nature of processing and the information available to Processor, Processor will provide reasonable assistance to Controller in responding to data subject requests, conducting required assessments, and demonstrating compliance. Upon written request, Processor may provide information reasonably necessary to demonstrate compliance, subject to confidentiality, proportionality, and security limitations.
12. Deletion and Return of Data
Upon termination of the Service and written request, Processor will delete or return Customer Personal Data, unless retention is required by law or necessary for limited security, backup, or recordkeeping purposes consistent with applicable law.
13. Liability
Liability under this DPA is subject to the limitations and exclusions set out in the applicable Terms of Service or master agreement, unless prohibited by applicable law.
14. Contact
Questions about this DPA may be sent to legal@lowcodeapps.dev.