Data Processing Addendum

Effective: 2025‑07‑10

This DPA supplements the Terms of Service and Privacy Policy and governs personal data processing in compliance with GDPR.

1. Definitions

Personal Data, Processing, Controller, Processor follow GDPR definitions (Wikipedia – General Data Protection Regulation).

2. Scope & Purpose

Applies where we process personal data as a Processor on your behalf under GDPR. We undertake to process data only per your documented instructions.

3. Security Measures

We implement technical & organizational measures aligned with ISO/IEC 27001, including encryption, access control, logging, and data resilience.

4. Sub-Processors

We use subprocessors (e.g., datacenters, email gateways). You can access an up-to-date list on our website. We will notify changes and allow objections.

5. Data Transfers

Transfers outside the EU occur under Standard Contractual Clauses or equivalent legal safeguards.

6. Breach Notification

We will notify you within 72 hours of discovering a breach affecting your personal data.

7. Termination

After the contract ends, we will delete or return personal data unless retention is legally required.

8. Audit Rights

Upon request and with notice, you may audit our compliance with this DPA.

9. Liability

Liability is limited per the Terms of Service and applicable law. Indemnification obligations align with GDPR.

1. Definitions​

2. Scope & Purpose​

3. Security Measures​

4. Sub-Processors​

5. Data Transfers​

6. Breach Notification​

7. Termination​

8. Audit Rights​

9. Liability​