Data Processing Agreement

DPA appendix to the Altera Terms of Service concerning personal data processing entrusted to Altera.

DPA Appendix to the Altera Terms of Service
Last updated: 15.05.2026

1. Nature of this document

This Data Processing Agreement is an appendix to the Altera Terms of Service and applies to clients who, when using the Service, entrust Altera with the processing of personal data.

Acceptance of the Terms means acceptance of this DPA, unless the parties have entered into a separate data processing agreement.

If there is any inconsistency between the DPA and the Terms in the area of personal data processing, this DPA prevails. Enterprise clients may agree separate provisions with Altera.

2. Roles of the parties

  • The client is the controller of personal data entered, uploaded or processed in the Service when using Altera services.
  • Altera acts as a processor for personal data processed on behalf of the client in connection with providing the Service.
  • Altera may act as a separate controller for data related to its own relationship with the client, in particular contact, billing, sales, marketing, account security and communication data.

3. Scope and purpose of processing

Altera processes personal data to provide, maintain, secure and develop the Service, including:

  • handling sales, costs, invoices and documents;
  • handling contractors, payments and payment batches;
  • handling messages and mailbox integration for cost invoices;
  • handling finance, company settings, KSeF, Open Banking and electronic document workflow;
  • automated processing, classification and categorization of data;
  • supporting the API, enova365 integrations, the mobile application and the ChatGPT plugin;
  • monitoring errors, diagnostics, security and technical support.

4. Categories of data

  • user data: first name, last name, email address, user identifiers, roles and permissions;
  • company and contractor data: name, tax identification number, address, representatives and contact details;
  • document and accounting data: invoices, costs, attachments, descriptions, categories, comments and activity history;
  • financial and banking data: account numbers, payment batches, payment QR codes, balances and transaction history in the Open Banking module;
  • KSeF data and data from public systems, if the client uses the relevant integration;
  • technical and diagnostic data, including logs, traces, request/response diagnostics, metadata and AI/OCR processing results.

5. Categories of data subjects

  • client users;
  • client employees and contractors;
  • client contractors and persons representing contractors;
  • persons identified in accounting, financial, banking or commercial documents;
  • client-side contact persons.

6. Duration of processing and retention

Altera processes data for the duration of the agreement with the client and for the period necessary to perform obligations after the agreement ends.

After the active subscription ends, the client receives 30 days of free technical access to download data. During this time, Altera may offer an Archive Package that provides read-only access for at least 12 months, with the possibility of automatic renewal.

  • Access after subscription end: 30 days free of charge, only for data export
  • Archive Package: at least 12 months read-only, with the possibility of automatic renewal
  • RPO: up to 4 hours
  • RTO: up to 24 hours
  • Database backup: up to 30 days
  • File backup after deletion from the system: up to 60 days
  • Deletion of data from backups: after the full backup cycle has completed

7. Subprocessors

The client gives Altera general authorization to use subprocessors listed in the public subprocessors list.

The current list of subprocessors is published at: https://altera.co/en/data-processing

Altera will inform the client about a planned addition or replacement of a subprocessor at least 30 days in advance, unless the change is required for security, legal or service continuity reasons.

The client may object to a subprocessor change only on justified grounds related to personal data protection. If the objection cannot be resolved, the client may stop using the service or module affected by the change.

8. Monitoring and diagnostic data

To maintain the security, stability and quality of the service, Altera may process short-term diagnostic data, including technical request/response data related to application operation, for the following purposes:

  • diagnosing errors and reproducing support requests;
  • incident analysis and system monitoring;
  • ensuring the security, integrity and continuity of the service;
  • verifying the operation of integrations, AI/OCR features and automation processes.

Diagnostic data in Lumigo is retained as standard for up to 14 days. Access to production data in Lumigo is limited to an authorized person on the Altera side. Credentials, tokens, passwords and secrets are masked.

For regulated clients, Altera may agree a restricted logging mode for selected areas, in particular AI/OCR and Open Banking.

9. AI/OCR and automated processing

Altera may use AI/LLM models for automated reading, classification, extraction and categorization of data from documents. Either OpenAI or Google AI/Gemini models are used, depending on the process and configuration.

Documents or attachments uploaded by the client may be sent to AI/OCR. If mailbox integration is used, attachments are sent to AI/OCR, not the full email body.

Automated processing results are presented to the user for verification. In case of uncertainty, the system may mark data as requiring manual review. Enterprise clients may agree restrictions on AI/LLM processing in a separate agreement or addendum.

10. Altera administrative access

  • service access takes place in the context of a client request submitted by ticket or email;
  • a member of the Altera team requests access to the company context;
  • the request is logged and linked to the support request;
  • access is time-limited, as standard up to 24 hours;
  • modifying actions are logged;
  • access is used to reproduce the issue and handle the support request.

11. Technical and organizational measures

  • Data separation: logical data separation per company/tenant, keyed by company_id, with an abstraction layer limiting access to the data context
  • Permissions: roles and permissions per company; the client manages users and access rights
  • Internal access: SSO/MFA, production access limited to authorized persons
  • Environments: separate production and dev/QA environments
  • Monitoring: CloudWatch, Lumigo, Sentry, status page
  • Backup and DR: database and file backups, CRR for files, RPO 4h, RTO 24h, DR region eu-north-1
  • SDLC: code review, branch protection, dependency and secret scanning, manual production approval, IaC-based rollback
  • Secrets: AWS Secrets Manager / SSM depending on the secret type
  • Vulnerabilities: weekly scans for known vulnerabilities, security@altera.co channel

12. Client assistance and audits

Altera assists the client in fulfilling GDPR obligations to the extent possible given the nature of the service, in particular through data export, deletion of data after agreement termination, information about subprocessors, security information and support in handling incidents affecting Altera services.

Altera provides the client with information necessary to demonstrate compliance with the DPA within a reasonable scope, in particular through the public Security page, the subprocessors list, the description of technical and organizational measures, the security questionnaire, vendor documents where available, and the DORA Customer Pack for regulated clients.

A direct client audit may be agreed individually, in particular for enterprise or regulated clients, subject to confidentiality, the security of other clients and Altera organizational rules.
