RxGPT Data Processing Agreement (DPA)

Purpose of this DPA

The Data Processing Agreement defines how RxGPT processes personal data on behalf of customer organizations, including processing scope, security obligations, and compliance commitments required by privacy regulations.

Core processor obligations

• Process data only on documented customer instructions.
• Apply technical and organizational security controls.
• Support data subject request workflows.
• Maintain confidentiality and controlled subprocessor engagement.
• Provide breach notification support under contractual timelines.

Security and transfer safeguards

DPA controls align with our platform safeguards, including AES-256 encryption, TLS 1.3, RBAC, and audit logging. Transfer and residency expectations are addressed through contractual terms and architecture patterns such as federated processing.

How to request DPA documentation

To request the latest DPA template or an executed version for your organization, contact our privacy team at privacy@rxgpthealth.com with your legal entity details and onboarding point of contact.