Data Processing Agreement
Article 28 GDPR · Last updated: March 2026
This agreement applies when a Professional User (belastingadviseur, accountant, or financial planner) processes client data through WealthPlannr.
1. Parties
Data Controller (Verwerkingsverantwoordelijke): The Professional User who submits client data to WealthPlannr for processing (the “Controller”).
Data Processor (Verwerker): WealthPlannr B.V., registered in Amsterdam, the Netherlands (the “Processor”).
2. Scope & Purpose (Onderwerp en Duur)
WealthPlannr processes data solely to facilitate Box 3 tax simulations, portfolio analysis, and the generation of OWR (Tegenbewijs) evidence reports on behalf of the Controller's clients.
Duration: The processing continues for the length of the Professional User's subscription. Upon termination, all client data is deleted within 30 days unless a legal retention period (e.g., fiscal audit logs under Dutch tax law) applies.
3. Types of Data & Data Subjects
Data Subjects: The clients of the Professional User (taxpayers / belastingplichtigen).
| Data Category | Examples |
|---|---|
| Identification | Client name, BSN (if provided by Controller) |
| Financial values | Asset values (Jan 1 / Dec 31), dividends, interest, realized gains |
| Document metadata | Brokerage statement file names, broker identification |
| Tax computation | Box 3 forfait/actual calculations, OWR form field values |
4. AI Processing & Transparency (EU AI Act 2026)
4.1 Instruction-Based Processing
The Processor only uses AI models to process data based on the Controller's explicit instructions (e.g., “Scan this PDF”, “Generate OWR report”). No autonomous decision-making with legal effect occurs.
4.2 No Training Guarantee
WealthPlannr guarantees that personal data submitted for analysis is not used to train or improve the underlying General Purpose AI Models (Anthropic Claude). Anthropic's commercial API terms contractually prohibit training on customer input data.
4.3 Human-in-the-Loop
The system is designed to require human-in-the-loop verification. The Controller (or their client) must review and confirm AI-extracted data before the final evidence PDF is generated. All extracted values are editable in the review interface.
4.4 Transient Processing
Documents uploaded for AI extraction are processed in memory only. No uploaded documents (PDF, CSV, TXT) are persisted to any database or filesystem. Extracted structured data exists only in the user's browser session.
5. Sub-processors (Onderaannemers)
The Processor uses the following sub-processors:
| Sub-processor | Purpose | Region | Data Training |
|---|---|---|---|
| Supabase / AWS | Database & authentication | EU-West (Frankfurt) | N/A |
| Anthropic (API) | AI inference (document extraction) | US (transient) | No (commercial tier) |
| Vercel | Application hosting | EU (Amsterdam) | N/A |
| Stripe | Payment processing | EU (Dublin) | N/A |
The Processor will notify the Controller of any changes to sub-processors with at least 30 days' notice.
6. Technical & Organizational Measures (TOMs)
- Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3).
- Isolation: Multi-tenant architecture with Row-Level Security (RLS), ensuring strict data separation between users.
- Access Control: API keys stored server-side only. Supabase authentication with bcrypt hashing.
- Audit Trails: Logged events for document uploads, report generation, and data exports.
- Minimization: Only data necessary for the requested computation is processed.
7. Data Breach Notification
WealthPlannr will notify the Controller without undue delay (and in any case within 48 hours) after becoming aware of a personal data breach, enabling the Controller to meet their 72-hour reporting obligation to the Autoriteit Persoonsgegevens.
Notification will include: nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken to mitigate.
8. Audit Rights
The Controller may request evidence of compliance with this DPA. The Processor will provide relevant documentation, certifications, or (upon reasonable notice) facilitate audits. Contact: audit@wealthplannr.nl
9. Data Return & Deletion
Upon termination of the subscription, the Processor will delete all personal data within 30 days. The Controller may request a data export (CSV) before termination. After deletion, the Processor will provide written confirmation upon request.
10. Governing Law
This DPA is governed by the laws of the Netherlands and the GDPR/AVG. Disputes shall be submitted to the competent court in Amsterdam.
Acceptance
Professional users on the Wealth tier (€49/mo) can accept this DPA electronically in Settings → Subscription. Once accepted, a downloadable PDF version of this DPA is available for your records.
By checking “I am a professional using WealthPlannr for clients. I agree to the WealthPlannr Data Processing Agreement (DPA)” in your settings, you acknowledge that you have read, understood, and agree to the terms of this Verwerkersovereenkomst.