Mentron Labs

Data Processing Agreement (DPA)

Last updated: October 9, 2025

This Data Processing Agreement (“DPA”) forms part of the Terms and Conditions between Mentron Labs GmbH (“Processor”) and any customer or organization using Mentron Labs services (“Controller”). It governs the processing of personal data under Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”).

1. Purpose and Scope

This DPA sets out the terms and conditions under which Mentron Labs processes personal data on behalf of the Controller in connection with the provision of cloud compute, GPU, and platform services.

2. Roles and Responsibilities

  • Controller: Determines the purposes and means of processing personal data.
  • Processor (Mentron Labs): Processes personal data only on documented instructions from the Controller and in accordance with this DPA.

3. Nature of Processing

Mentron Labs processes data that may include customer identifiers, usage metrics, uploaded datasets, or model artifacts, solely to deliver the contracted cloud compute services.

4. Data Location and Storage

All customer data is stored and processed within the European Union. Mentron Labs ensures data residency in EU-based datacenters compliant with ISO 27001 and GDPR requirements.

5. Confidentiality and Security

Mentron Labs implements appropriate technical and organizational measures to ensure data security, including but not limited to:

  • Encryption at rest and in transit
  • Access control and role-based authentication
  • Audit logging and incident monitoring
  • Regular security testing and vulnerability patching

6. Sub-Processors

Mentron Labs may engage third-party sub-processors for limited operational purposes (e.g., hosting infrastructure, analytics). These sub-processors are bound by data protection obligations equivalent to those in this DPA.

Current sub-processors:

  • Stripe Payments Europe Ltd. (payment processing)

7. Data Subject Rights

Mentron Labs assists Controllers, where technically feasible, in fulfilling obligations related to data subjects’ rights under GDPR Articles 12–23, including access, rectification, and deletion requests.

8. Data Breach Notification

In the event of a personal data breach, Mentron Labs will notify the Controller without undue delay and provide all relevant details to support regulatory reporting or mitigation efforts.

9. Data Retention and Deletion

Upon termination of the service or written request, Mentron Labs will delete or return all personal data processed on behalf of the Controller within 30 days, unless retention is required by law.

10. Compliance and Audits

Mentron Labs maintains documentation to demonstrate compliance with GDPR Article 28 and will make such information available to the Controller upon reasonable request or during regulatory audits.

11. Governing Law and Jurisdiction

This DPA shall be governed by the laws of Austria. Any dispute shall fall under the exclusive jurisdiction of the courts of Vienna, Austria.

12. Contact

Mentron Labs GmbH
Vienna, Austria
📧 privacy@mentronlabs.com
🌐 mentronlabs.com

13. Download Full DPA

For a signed, legally binding version of this agreement suitable for enterprise contracts, you may download our official PDF:

Download Mentron Labs DPA (PDF)