Path: blob/master/src/packages/next/pages/policies/dpa.tsx
14423 views
/*1* This file is part of CoCalc: Copyright © 2026 Sagemath, Inc.2* License: MS-RSL – see LICENSE.md for details3*/45import { Layout } from "antd";67import { COLORS } from "@cocalc/util/theme";8import A from "components/misc/A";9import Footer from "components/landing/footer";10import Head from "components/landing/head";11import Header from "components/landing/header";12import { MAX_WIDTH } from "lib/config";13import { Customize, type CustomizeType } from "lib/customize";14import withCustomize from "lib/with-customize";1516interface Props {17customize: CustomizeType;18}1920export default function DataProcessingAddendumPage({ customize }: Props) {21return (22<Customize value={customize}>23<Head title="Data Processing Addendum" />24<Layout>25<Header page="policies" subPage="dpa" />26<Layout.Content27style={{28backgroundColor: COLORS.WHITE,29}}30>31<div32style={{33maxWidth: MAX_WIDTH,34margin: "15px auto",35padding: "15px",36fontSize: "12pt",37}}38>39<div style={{ textAlign: "center" }}>40<h1>CoCalc - Data Processing Addendum</h1>41<p>Last Updated: April 15, 2026</p>42</div>43<div>44<p>45This Data Processing Addendum ("<b>DPA</b>") is incorporated46into the SageMath, Inc. Terms of Service ("<b>Agreement</b>")47and applies to the processing of Personal Data by SageMath, Inc.48on behalf of its Users.49</p>50<h1>1. Nature and Purpose of Processing</h1>51<p>52SageMath, Inc. provides a collaborative cloud-based platform53(CoCalc) for research, analysis, and scientific publishing. The54Subject Matter of the processing is the data uploaded, created,55or processed by the User within the CoCalc environment.56</p>57<ul>58<li>59<b>Hosted Platform</b>: Data is stored and processed on60SageMath, Inc. infrastructure to provide core platform61functionality.62</li>63<li>64<b>User-Directed Compute</b>: Users may explicitly choose the65geographic location and infrastructure provider for specific66compute tasks. In such cases, SageMath, Inc. processes data in67the location selected by the User.68</li>69<li>70<b>AI-Assisted Features</b>: SageMath, Inc. provides optional71integrations with third-party AI providers. Data is72transmitted to these providers only upon explicit initiation73by the User.74</li>75</ul>76<h1>2. Sub-processors</h1>77<p>78The Controller (User) provides a general authorization for79SageMath, Inc. to engage sub-processors.80</p>81<ul>82<li>83<b>Current List</b>: A current list of sub-processors is84maintained at the{" "}85<b>86SageMath, Inc. Trust Center (87<A href="https://trust.cocalc.com/">88https://trust.cocalc.com/89</A>90)91</b>92.93</li>94<li>95<b>Notification of Changes</b>: Users may subscribe to96notifications of changes to the sub-processor list directly97via the Trust Center. SageMath, Inc. will provide at least{" "}98<b>15 days' notice</b> before authorizing any new99sub-processor to process Customer Data, during which time the100Controller may object to the change in writing.101</li>102</ul>103<h1>3. Security of Processing</h1>104<p>105SageMath, Inc. shall implement and maintain appropriate106technical and organizational measures to protect Customer Data107against unauthorized access, loss, or disclosure. These measures108include, but are not limited to:109</p>110<ul>111<li>112<b>Encryption</b>: Data is encrypted at rest and in transit113using industry-standard protocols.114</li>115<li>116<b>Access Control</b>: Access to production environments is117restricted to authorized personnel on a "need-to-know" basis.118</li>119<li>120<b>Audit</b>: SageMath, Inc. undergoes regular security121assessments and maintains documentation of its security122controls (e.g., SOC 2 Type II report).123</li>124</ul>125<h1>4. GDPR Representation</h1>126<p>127Pursuant to Article 27 of the GDPR, SageMath, Inc. has appointed128the following representatives for data protection matters in the129EU and UK:130</p>131<ul>132<li>133<b>EU Representative</b>: Adam Brogden, Instant EU GDPR134Representative Ltd (Ireland). Contact:{" "}135<A href="mailto:[email protected]">136[email protected]137</A>138.139</li>140<li>141<b>UK Representative</b>: Adam Brogden, GDPRLocal Ltd.142Contact:{" "}143<A href="mailto:[email protected]">144[email protected]145</A>146.147</li>148</ul>149<h1>5. Data Subject Rights and Collaboration</h1>150<ul>151<li>152<b>User-Controlled Deletion</b>: SageMath, Inc. provides the153Controller with the ability to delete files, projects, and154accounts directly through the CoCalc interface.155</li>156<li>157<b>Requests to SageMath, Inc.</b>: If SageMath, Inc. receives158a request from a Data Subject to exercise their rights159regarding data contained within a project owned by another160User, SageMath, Inc. will forward that request to the project161owner.162</li>163<li>164<b>Collaborative Integrity</b>: The Controller acknowledges165that in a collaborative environment, the deletion of a Data166Subject's account may not result in the deletion of data167contained within projects owned by other Users, as that data168is part of the other User's records.169</li>170</ul>171<h1>6. International Data Transfers</h1>172<ul>173<li>174<b>Standard Contractual Clauses (SCCs)</b>: For transfers of175Personal Data from the EU/EEA to countries that do not ensure176an adequate level of data protection, the parties hereby177incorporate by reference the{" "}178<b>179Standard Contractual Clauses (Module Two:180Controller-to-Processor)181</b>182.183</li>184<li>185<b>UK Addendum</b>: For transfers from the UK, the{" "}186<b>International Data Transfer Addendum</b> to the EU SCCs is187hereby incorporated.188</li>189<li>190<b>Hierarchy</b>: In the event of a conflict between this DPA191and the SCCs, the SCCs shall prevail.192</li>193</ul>194<h1>7. Data Deletion and Return</h1>195<p>196Upon termination of the Agreement or at the Controller's197request, SageMath, Inc. shall delete or return all Customer Data198in its possession, unless applicable law requires continued199storage. Data is typically deleted within 60 days of contract200termination.201</p>202<h1>8. Audit and Compliance</h1>203<p>204SageMath, Inc. shall make available to the Controller all205information reasonably necessary to demonstrate compliance with206Article 28 of the GDPR. The Controller acknowledges that207SageMath, Inc.'s maintenance of a <b>SOC 2 Type II</b>{" "}208report satisfies the Controller's right to audit SageMath,209Inc.'s technical and organizational measures.210</p>211<h1>9. Liability</h1>212<p>213The total liability of each party under this DPA shall be214subject to the limitation of liability provisions set forth in215the SageMath, Inc. Terms of Service.216</p>217<hr />218<p>219<b>220This DPA is incorporated into the SageMath, Inc. Terms of221Service by reference and is effective as of the date the User222first accesses the CoCalc platform.223</b>224</p>225</div>226</div>227<Footer />228</Layout.Content>229</Layout>230</Customize>231);232}233234export async function getServerSideProps(context) {235return await withCustomize({ context });236}237238239