UniMate · Trust Trust center

Template · v1.2

Data Processing Agreement

This is the public template offered by UniMate AG. Universities and other institutional partners can emailpartnerships@getunimate.comfor a counter-signed copy on letterhead and any custom annexes.

1. Parties

Processor: UniMate AG, Bahnhofstrasse 1, 8001 Zürich, Switzerland (UID CHE-417.286.953).
Controller: the institution executing this agreement (the "University").

2. Subject matter & duration

UniMate processes student personal data on behalf of the University to provide academic productivity services (schedule, GPA tracking, deadlines, AI-assisted study, flashcards, and study rooms) for the duration of the underlying service agreement and for up to 30 days after termination for backup retention.

3. Categories of data subjects & data

  • Data subjects: students, faculty, and administrative staff with UniMate accounts.
  • Data: name, email, university, faculty, year, schedule, notes, decks, AI conversations (opt-in), payment status, IP at session establishment.
  • No special-category data (Art. 9 GDPR) is intentionally collected. Notes & AI conversations are user-generated; users are reminded not to paste sensitive data.

4. Processor obligations

  • Process personal data only on documented instructions from the University.
  • Ensure persons authorised to process the data are bound by confidentiality.
  • Implement appropriate technical and organisational measures (Annex A) including encryption in transit + at rest, role-based access, regular backups, vulnerability management.
  • Assist the University with Articles 32–36 GDPR obligations.
  • Notify the University without undue delay (≤ 72h) of any personal data breach.
  • Make available to the University all information necessary to demonstrate compliance and allow audits.
  • Delete or return all personal data after end of provision of services, subject to legal retention requirements.

5. Sub-processors

The University consents to the engagement of the sub-processors listed atgetunimate.com/trust#subprocessors. UniMate notifies the University at least 14 days before adding or replacing a sub-processor; the University may object, and where the parties cannot agree, terminate the agreement.

6. International transfers

Where personal data is transferred to a country outside the EEA / Switzerland, UniMate ensures appropriate safeguards including the European Commission's Standard Contractual Clauses (2021/914) and, where relevant, supplementary measures.

7. Data subject rights

UniMate provides students with self-service GDPR data export (Art. 20) and erasure (Art. 17) at Settings → Privacy → Danger zone. Where a student requests rights through the University, UniMate assists at no cost.

8. Liability & governing law

Liability is limited to the fees paid by the University in the 12 months preceding the incident. This DPA is governed by Swiss law; courts of Zurich have exclusive jurisdiction, without prejudice to the data subject's rights under the GDPR.

Annex A — Technical & organisational measures

See the public summary at getunimate.com/trust. A detailed annex (network architecture, access control matrix, incident-response runbook) is provided on request to qualified partners under NDA.

Need this counter-signed?

Email partnerships@getunimate.com with your University's registered address and authorised signatory. Standard turnaround: 3 business days.