Solen Data Processing Agreement
Last updated: June 2026 | AeonFrame Inc.
1. Scope
This DPA applies when Solen processes Personal Data or Customer Code Data on behalf of the Customer.
2. Data Processed
- 2.1 Platform data: user accounts, workspace settings, deployment metadata.
- 2.2 Customer code (SolenShift): uploaded repositories, analyzed only for the purpose requested. See Section 4 for retention and deletion terms.
- 2.3 Telemetry: anonymized heal patterns (LearnShift) — only with explicit consent.
3. No Training Data Use
Customer Code Data is NEVER used to train or fine-tune AI models.
Analysis uses claude-sonnet-4-6 via Anthropic's API. No customer data is retained by Anthropic beyond the API request/response lifecycle.
4. Retention and Deletion
- Standard mode: Customer Code Data deleted within 24 hours of analysis completion.
- VaultShift Cloud: Encrypted, deleted within 24 hours, cryptographic deletion receipt provided.
- VaultShift On-Prem: Customer Code Data never leaves the customer's infrastructure.
- Users may request immediate deletion at any time via nexus.solenai.ca or by contacting [email protected].
5. Security Measures
- VaultShift Cloud: AES-256-GCM encryption at rest. TLS 1.3 in transit.
- Access controls: principle of least privilege. No Solen employee can access customer code without customer-controlled decryption key.
- Audit log: all data access events recorded in tamper-evident AuditTrailEntry.
6. Sub-processors
- Anthropic (AI inference): https://www.anthropic.com/privacy
- Neon (database): https://neon.tech/privacy
- Supabase (database): https://supabase.com/privacy
- Resend (email): https://resend.com/privacy
7. Contact
Data Controller: AeonFrame Inc. | [email protected]
See also: Privacy Policy · Terms of Service