Skip to content

Blueprint AI is here · $497/mo all in · 7-day free trial Start trial →

BLUEPRINT

Data Processing Addendum

Effective May 28, 2026

this DPA forms part of the MSA between blueprint and the customer and governs the processing of personal data.

Roles

customer is the data controller. blueprint is the data processor (or sub-processor where the customer is itself a processor).

Processing scope

blueprint processes personal data only as necessary to deliver the services described in the MSA or applicable SOW.

Sub-processors

current list at /legal/sub-processors. 30-day change notification.

Security

aligned with our SOC 2 Type II controls. described at /platform/security.

Data subject rights

we assist the customer in responding to data subject requests within applicable legal timeframes.

Breach notification

customer notified without undue delay, generally within 72 hours of confirmed breach.

Audit rights

annual SOC 2 report available. on-site audit on request, at customer expense.

International transfers

SCCs in place for EU↔US transfers. data residency options on enterprise tier.