Legal

Data Processing Agreement

Last updated: June 29, 2026

This Data Processing Agreement (“DPA”) forms part of the agreement between you (“Customer”) and Kipper Inc. (“Kipper,” “we,” “us,” or “our”) governing your access to and use of the Kipper conversational finance intelligence platform (the “Service”) (the “Agreement”).

This DPA reflects the parties’ agreement on the processing of Personal Data in connection with the Service. Where this DPA conflicts with the Agreement, this DPA controls with respect to the processing of Personal Data.

1. Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person that Kipper processes on Customer’s behalf under the Agreement.
  • “Customer Data” means data Customer’s authorized users submit to, or that the Service retrieves from Customer’s connected systems, in the course of using the Service.
  • “Processing” means any operation performed on Personal Data, whether automated or not (collection, storage, retrieval, use, disclosure, deletion, etc.).
  • “Controller,” “Processor,” “Data Subject,” and “Supervisory Authority” have the meanings given under applicable Data Protection Laws.
  • “Data Protection Laws” means all laws applicable to the processing of Personal Data under the Agreement, including, where applicable, the California Consumer Privacy Act as amended (“CCPA/CPRA”) and other U.S. state privacy laws, and — to the extent Customer is subject to them — the EU and UK General Data Protection Regulations (“GDPR”).
  • “Sub-processor” means any third party engaged by Kipper to process Personal Data in connection with the Service.

2. Roles of the Parties

For Personal Data processed under the Agreement, Customer is the Controller (or processor acting on behalf of a third-party controller) and Kipper is the Processor (or sub-processor). For purposes of the CCPA/CPRA, Kipper acts as a Service Provider and processes Personal Data solely to perform the Service.

3. Scope and Purpose of Processing

Kipper processes Personal Data only:

  • to provide, secure, support, maintain, and improve the Service;
  • in accordance with Customer’s documented instructions, including those set out in the Agreement and this DPA; and
  • as required by applicable law (in which case Kipper will, where legally permitted, inform Customer of the requirement before processing).

The Service queries Customer’s connected systems to generate responses to natural-language queries. Kipper does not write to, modify, or delete data in Customer’s connected systems. The level of access required varies by integration; some connected systems require administrative permissions to read the data needed to provide the Service. The subject matter, nature, categories of Data Subjects, and types of Personal Data are described in Annex A.

4. Customer Obligations

Customer is responsible for the accuracy and legality of Customer Data and for having an appropriate legal basis to provide it to Kipper for processing. Customer is responsible for configuring data-access controls for its authorized users within the Service.

5. Confidentiality

Kipper ensures that personnel authorized to process Personal Data are bound by appropriate obligations of confidentiality and access Personal Data only on a need-to-know basis.

6. Security Measures

Kipper maintains technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. A summary appears in Annex C.

7. Use of Artificial Intelligence; No Model Training

The Service uses large language models (“LLMs”) to interpret natural-language queries and generate responses. LLM inference is performed through AWS-managed Amazon Bedrock, under Kipper’s AWS account configuration. Under AWS’s published Amazon Bedrock documentation, AWS states that Bedrock:

  • does not store customer input data or model output data;
  • does not share that data with the third-party model providers whose models it hosts — each model provider operates within a dedicated model deployment account that the provider cannot access, and model-invocation traffic stays within the AWS network; and
  • does not use that data to train any models.

Accordingly:

  • No model training. Customer Data and Personal Data are not used to train, fine-tune, or otherwise develop or improve any third-party foundation models or generalized machine-learning models.
  • Purpose limitation. Personal Data sent for LLM inference is processed to generate the response to the originating query. Amazon Bedrock operates an automated abuse-detection mechanism, with no human access to input or output data.

LLM inference is provided through Amazon Web Services (see Annex B); no separate model-provider sub-processor receives Customer Data.

8. Sub-processors

Customer provides general written authorization for Kipper to engage Sub-processors to process Personal Data. Kipper engages each Sub-processor under written terms requiring data-protection obligations materially consistent with this DPA or as required by applicable law.

A current list of Sub-processors is maintained at kipper.com/subprocessors and is reproduced for reference in Annex B. Customer’s continued use of the Service after a change is posted constitutes acceptance of the updated list.

9. Data Subject Rights

Taking into account the nature of the processing, Kipper will provide reasonable assistance to Customer, through appropriate technical and organizational measures, to respond to requests from Data Subjects to exercise their rights under Data Protection Laws. If Kipper receives such a request directly, it will, where legally permitted, direct the Data Subject to Customer.

10. Personal Data Breach

Kipper will notify Customer of a Personal Data breach affecting Customer’s Personal Data in accordance with applicable law, and will provide information reasonably available to it to assist Customer with Customer’s own obligations.

11. Return and Deletion of Personal Data

Upon termination or expiry of the Agreement (including after a trial or evaluation ends), Kipper will delete or return Personal Data in accordance with the Agreement, except where retention is required by applicable law. Kipper stores a working copy of Customer’s financial data to provide the Service; this copy is not Customer’s authoritative books and records, which remain in Customer’s connected systems, and will be deleted within a reasonable period following termination, subject to applicable legal retention requirements.

12. Audits

Kipper will make available information reasonably necessary to demonstrate compliance with its obligations under this DPA, subject to reasonable confidentiality, security, scheduling, and non-disruption requirements.

13. International Transfers

Kipper processes Personal Data in the United States. Customer is responsible for determining whether its use of the Service involves a transfer of Personal Data subject to applicable data protection law and for ensuring an appropriate legal basis exists for any such transfer. Where Customer determines that a transfer mechanism is required, Kipper will cooperate with Customer to put in place an appropriate mechanism. Kipper’s total liability arising from any such transfer remains subject to the limitations of liability in the Agreement.

14. Liability

Each party’s liability under this DPA is subject to the limitations and exclusions of liability set out in the Agreement.

15. Term

This DPA takes effect when Customer accepts the Agreement — including through any free trial, pilot, beta, evaluation, or other unpaid access to the Service — and remains in force for as long as Kipper processes Personal Data on Customer’s behalf.


Annex A — Details of Processing

Subject matterProvision of the Kipper conversational finance intelligence Service.
Nature of processingRetrieval and storage of data from Customer’s connected systems; natural-language query processing; generation and delivery of responses through messaging and chat interfaces, such as Slack, Microsoft Teams, or SMS. Kipper does not write back to Customer’s connected systems.
PurposeEnabling authorized users to query their data in plain language.
Categories of Data SubjectsCustomer’s authorized users; and individuals referenced within Customer’s data (e.g., customer/vendor contacts, employees named on transactions).
Categories of Personal DataNames, business contact details, and any personal data contained in records Customer chooses to query (e.g., names on invoices, bills, or payments). Depending on Customer’s configuration, connected systems may contain sensitive personal information (such as payroll, bank, or tax details).
Special-category dataThe Service is not designed to process GDPR special-category data, and Customer must not intentionally use it for that purpose.

Annex B — Sub-processors

This Annex reproduces the list maintained at kipper.com/subprocessors for reference. The published page is the source of truth.

Sub-processorPurposePersonal Data processedPrimary location
Amazon Web Services (AWS)Cloud hosting and storage (Customer Data logically separated with application-level access controls); LLM inference via AWS-managed Amazon Bedrock (no model training; see §7)Customer Data hosted in Kipper’s AWS environment; query text and retrieved data used for LLM inferenceUnited States
Stripe, Inc.Subscription billing and payment processingBilling contact and account data; full payment card numbers and security codes are handled by Stripe and not stored by KipperUnited States
Twilio Inc.SMS message delivery for the SMS interfacePhone numbers and message content of SMS interactionsUnited States
Sentry (Functional Software, Inc.)Application error and performance monitoringDiagnostic and error data, which may include limited personal data present at the time of an errorUnited States
PostHog, Inc.Product analytics and session recording (logged-in platform users)Product usage data, identifiers, and session-recording data, which may include personal dataUnited States
Google LLC (Google Workspace)Business email, productivity, and internal/support communicationsBusiness contact details and any personal data contained in communicationsUnited States

Primary location reflects where Customer Data is principally processed; Sub-processors may process data in other locations under their own transfer terms.

Customer-directed integrations. Services that Customer connects at its own direction — such as its source systems and the messaging or chat interfaces it chooses (e.g., Slack, Microsoft Teams) — are not Kipper Sub-processors; Customer’s use of those services is governed by Customer’s own agreements with their providers. (Kipper-provided SMS is delivered through Twilio, which is a Sub-processor listed above, not a customer-directed integration.)

Annex C — Technical and Organizational Measures

  • Read-only behavior. Kipper does not write to, modify, or delete data in Customer’s connected systems. The authorization scopes required vary by connected system; some systems require administrative permissions to read the data needed to provide the Service.
  • Segregation. Customer Data is logically separated within Kipper’s environment using application-level access controls and other safeguards.
  • Encryption. Within Kipper-controlled infrastructure, Personal Data is encrypted in transit and at rest where practicable. Personal Data delivered through third-party channels (such as SMS, Slack, or Microsoft Teams) is subject to those providers’ own security and transport protections, which Kipper does not control.
  • Access control. Access controls designed to limit personnel access to those with a business need.
  • Audit logging. The platform may log access and query activity for security and audit purposes.
  • AI processing. LLM inference runs through AWS-managed Amazon Bedrock; data is not used for model training (see §7).

Questions about this DPA: legal@kipper.com. Related: Privacy Policy · Sub-processors · Terms of Service.