Discover our latest updates and insights. Read the blog

Data Processing Agreement

Last updated: January 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Triqai (a trade name of Rediant, registered in the Netherlands, KVK 97621803) ("Processor") and the customer using the Services ("Customer" or "Controller").

This DPA applies where Triqai processes personal data on behalf of the Customer in connection with the Triqai API and related services.

1. Purpose and Scope

This DPA governs the processing of personal data by Triqai on behalf of the Customer in accordance with Article 28 of the GDPR.

Triqai processes personal data only on documented instructions from the Customer and solely to provide the Services.

2. Roles of the Parties

  • The Customer acts as Data Controller.
  • Triqai acts as Data Processor when processing API data submitted by the Customer.

Triqai acts as an independent data controller only for its own user accounts, billing, and service administration, which are governed by the Privacy Policy and not this DPA.

3. Subject Matter and Duration of Processing

  • Subject matter: Processing of transaction data submitted via the Triqai API for enrichment purposes.
  • Duration: For the duration of the Customer's use of the Services and until deletion is requested or the agreement is terminated.

4. Nature and Purpose of Processing

Triqai processes personal data to:

  • Enrich transaction data submitted by the Customer
  • Display enrichment results to the Customer
  • Maintain and improve enrichment accuracy

Processing operations may include analysis, classification, normalization, and enrichment.

5. Categories of Data Subjects

  • End users or customers of the Customer
  • Individuals referenced in transaction descriptions submitted by the Customer

6. Categories of Personal Data

The Customer may submit:

  • Transaction descriptions, which may include personal data

Based on transaction descriptions, Triqai may generate derived enrichment data (such as merchant entities, company identifiers, locations, and payment processors).

  • Raw transaction descriptions are stored only within the Customer's organization.
  • Derived enrichment data shared across customers is based on non-PII transactional signals and is not intended to identify individuals.
  • Organization-specific enrichment results that may contain personal or contextual data remain scoped to the Customer's organization.

7. Processor Obligations

Triqai shall:

  1. Process personal data only on documented instructions from the Customer.
  2. Ensure personnel authorized to process personal data are bound by confidentiality.
  3. Implement appropriate technical and organizational security measures.
  4. Not sell personal data or use it for advertising purposes.
  5. Not use Customer data to train AI models.
  6. Assist the Customer in fulfilling data subject rights under the GDPR.
  7. Assist with security incidents, DPIAs, and regulatory inquiries where reasonably required.

8. Security Measures

Triqai implements appropriate security measures, including:

  • Encryption in transit (HTTPS)
  • Secure hosting environments
  • Organization-scoped access controls
  • API keys and rate limiting
  • Monitoring and incident response procedures

9. Sub-Processors

The Customer authorizes Triqai to engage sub-processors for the provision of the Services.

Sub-processors are used for:

  • Cloud infrastructure and hosting
  • Database services
  • Billing and payment processing
  • Email delivery
  • Monitoring and error tracking

Triqai ensures sub-processors are bound by data protection obligations consistent with this DPA.

10. International Data Transfers

Triqai processes data primarily within the European Union.

Where processing occurs outside the EU, Triqai applies appropriate safeguards, including Standard Contractual Clauses, in accordance with GDPR requirements.

11. Data Subject Requests

Triqai shall assist the Customer, where applicable, in responding to requests from data subjects to exercise their rights under the GDPR, including access, rectification, and deletion.

12. Personal Data Breaches

Triqai shall notify the Customer without undue delay after becoming aware of a personal data breach involving Customer data, and provide reasonable assistance to support compliance with GDPR obligations.

13. Deletion or Return of Data

Upon termination of the Services or upon request, Triqai shall delete all personal data processed on behalf of the Customer without undue delay, unless retention is required by applicable law.

14. Audits

Upon reasonable request, Triqai shall make available information necessary to demonstrate compliance with this DPA, taking into account confidentiality and security obligations.

15. Liability

Liability arising under this DPA is subject to the limitations of liability set out in the Terms of Service.

16. Governing Law and Jurisdiction

This DPA is governed by the laws of the Netherlands.

Any disputes arising from this DPA shall be subject to the exclusive jurisdiction of the Dutch courts.

17. Order of Precedence

In the event of a conflict between this DPA and the Terms of Service, this DPA shall prevail with respect to data protection matters.

18. Acceptance

This DPA is automatically incorporated into and forms part of the Terms of Service. By using the Services, the Customer agrees to this DPA.