DPA


Data Processing Addendum

How bear.ai processes data for business customers and dataset licensees — roles, security, sub-processors, and transfers.


Last updated · June 19, 2026

Overview

This page summarises bear.ai's Data Processing Addendum ("DPA"), which forms part of the agreement between bear.ai and its business customers and dataset licensees ("Customer"). The full, signable DPA is available on request — email hello@beardata.co.

For how bear.ai handles personal information of RUB players, see our Privacy Policy.

Roles and scope

bear.ai anonymises contributor data before it is packaged into a dataset. Datasets are designed not to identify individuals. Where bear.ai processes any personal data on a Customer's behalf, it does so as a processor, acting only on documented instructions and for the purposes set out in the agreement.

Security measures

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Least-privilege, role-based access with audit logging.
  • Quarantined raw data; only scrubbed content reaches the dataset packager.
  • Secrets encrypted and rotated; no secrets in source control.
  • Documented incident response, with breach notification as required by law.

Sub-processors

bear.ai uses a vetted set of sub-processors to deliver the service (including cloud hosting, authentication, and AI model providers). The current list and a mechanism to receive change notices are provided with the signed DPA.

International transfers

Where personal data is transferred across borders, bear.ai relies on appropriate safeguards, including Standard Contractual Clauses where applicable. We honour applicable data-subject rights under GDPR and CCPA/CPRA.

Requesting the DPA

To request a copy of the full DPA, a security pack, or our sub-processor list, contact hello@beardata.co.