Responsible AI

Responsible AI, Sub-Processors & Data Processing Addendum (DPA)

Last Updated: 2nd of February 2026

‍

3. Responsible AI Guidelines

These Responsible AI Guidelines govern the use of artificial intelligence on the MATEXT Platform.
They form part of the Platform Terms & Conditions.

By using the Platform, you agree to comply with these Guidelines.
In case of conflict with the Terms, the Terms prevail, except where these Guidelines impose stricter obligations.

3.1 Prohibited Uses

Customers shall not use the Platform, its Services, or Outputs:

In violation of laws or regulations.
In violation of advertising codes or industry standards.
Infringing third-party rights (intellectual property, privacy, likeness, publicity).
For obscene, pornographic, violent, hateful, or inflammatory purposes.
To exploit or harm minors or vulnerable individuals.
To generate or disseminate false or misleading content.
To promote self-harm or offensive material.
For military, paramilitary, or militia purposes.
To incite violence, unrest, or political insurrection.
For fraud, scams, spam, or deceptive activities.
For political campaigning involving high-volume or targeted content.
To generate deep fakes without disclosure.
In ways that would classify the system as a “high-risk AI” under Article 6 of the EU AI Act (Regulation (EU) 2024/1689).

4. Sub-Processor List

To support delivery of our Services, MATEXT engages Sub-Processors that process Customer Personal Data as described in the Data Processing Addendum (DPA).

Current Sub-Processors (as of 29 September 2025):

Amazon Web Services (AWS) – Hosting (EU, Switzerland)
Google – Cloud tools & Analytics (US, EU)
Slack – Communication (US)
Cloudflare – Content delivery (US)
Atlassian – Project management (US)
Sentry – Error tracking (US)
Notion – Project management (US)
GitHub – Code & project management (US)
Figma – Design collaboration (US)
Vanta – Compliance & risk management (US)

Subscribers are responsible for ensuring MATEXT communications (e.g. data protection alerts, sub-processor updates) reach the correct contact within their organization.

5. Data Processing Addendum (DPA)

This DPA forms part of the Agreement between MATEXT (Processor) and the Customer (Controller/Processor).

5.1 Scope

Applies where GDPR or other data protection laws govern MATEXT’s processing of Customer Personal Data.
Does not cover MATEXT’s own internal processing (marketing, analytics, compliance).

5.2 Key Definitions

Customer Personal Data: Personal data processed via the Services.
Data Subject: An individual to whom the data relates.
Sub-Processor: Third parties engaged by MATEXT.
Personal Data Breach: Unauthorized access, loss, or disclosure of Customer Data.

5.3 Processing Principles

MATEXT processes Customer Data only on Customer’s instructions or when legally required.
Customers are responsible for providing a lawful basis and required consents.
Restricted Data (e.g. health, biometric, payment info, children’s data) must not be submitted.

5.4 Security

MATEXT implements safeguards including:

Role-based access controls
Encryption & secure storage
Logging & monitoring
Incident response & breach notification
Regular audits & assessments
Business continuity & disaster recovery plans

5.5 Sub-Processors

MATEXT may appoint Sub-Processors with notice.
Customers may object on valid grounds; unresolved objections may permit termination.
MATEXT remains liable for Sub-Processor compliance.

5.6 Data Subject Rights

MATEXT assists Customers with access, rectification, deletion, and other GDPR rights.

5.7 Breach Notification

Customers will be notified without undue delay in the event of a confirmed Personal Data Breach.

5.8 Return & Deletion

At termination, Customer Data will be returned or securely deleted, except where law requires retention.

5.9 Liability & Variations

Liability is capped in line with the main Agreement.
MATEXT may update this DPA to remain compliant with applicable laws.