Data Processing Addendum
Comprehensive details about how we process, store, and protect your personal data
Effective Date
January 1, 2025
What is a DPA?
A Data Processing Addendum (DPA) is a legal contract that defines how we handle your personal data in compliance with GDPR and other privacy regulations.
Processing Activities
How we process your personal data
Sub-Processors
Third-party services we use to process data
Compliance & Certifications
Industry standards we adhere to
GDPR
EU data protection regulation compliance
CCPA
California privacy law compliance
ISO 27001
Information security management
SOC 2 Type II
Service organization controls
Your Rights Under This DPA
Right to access your personal data at any time
Right to request correction or deletion of your data
Right to data portability and export
Right to lodge a complaint with supervisory authority
Data Protection Officer
Contact our DPO for any data processing questions
Related Policies
Data Processing Addendum
Comprehensive data processing agreement for enterprise clients covering GDPR compliance, security measures, and international data transfers.
Data Processing Agreement Overview
This Data Processing Addendum (DPA) forms part of our Master Service Agreement and governs the processing of personal data in compliance with applicable privacy laws.
Purpose & Scope
- Defines roles and responsibilities for data processing
- Ensures GDPR and other privacy law compliance
- Establishes security and technical safeguards
- Governs international data transfers
Key Provisions
- Data processor and controller definitions
- Technical and organizational measures
- Sub-processor management and approval
- Cross-border transfer mechanisms
Enterprise-Grade Compliance
Our DPA meets the highest enterprise standards and has been reviewed by leading privacy law firms to ensure comprehensive compliance with global privacy regulations including GDPR, CCPA, PIPEDA, and other applicable laws.
Data Processing Activities
Detailed documentation of all personal data processing activities conducted on behalf of our enterprise clients.
Customer Management
Purpose: Account creation, authentication, and customer relationship management
Data Types:
- Name
- Phone
- Company information
- Account preferences
Security Measures:
- Encryption at rest
- Access controls
- Regular security audits
- MFA requirements
Service Delivery
Purpose: Providing digital products, technical support, and service fulfillment
Data Types:
- Usage data
- Technical logs
- Support communications
- Performance metrics
Security Measures:
- End-to-end encryption
- Secure data transmission
- Automated backups
- Incident response procedures
Analytics & Improvement
Purpose: Service optimization, performance monitoring, and user experience enhancement
Data Types:
- Anonymized usage patterns
- Performance metrics
- Feature usage statistics
Security Measures:
- Data anonymization
- Aggregated reporting only
- Limited access controls
Marketing & Communications
Purpose: Marketing communications, newsletters, and promotional activities
Data Types:
- Email address
- Communication preferences
- Engagement metrics
Security Measures:
- Consent management system
- Secure email platforms
- Regular consent reviews
Sub-processors & Third Parties
Comprehensive list of all sub-processors with their roles, locations, and security safeguards.
Amazon Web Services
Cloud hosting and infrastructure
Data Types Processed:
Security Safeguards:
- AWS BAA agreement
- SOC 2 Type II certification
- Data residency controls
Stripe Inc.
Payment processing
Data Types Processed:
Security Safeguards:
- PCI DSS Level 1
- Standard Contractual Clauses
- Tokenization
Twilio SendGrid
Email delivery services
Data Types Processed:
Security Safeguards:
- Standard Contractual Clauses
- ISO 27001 certification
- Data encryption
Google LLC
Website analytics
Data Types Processed:
Security Safeguards:
- Google Analytics 4 privacy controls
- Data retention controls
- IP anonymization
Sub-processor Updates
We provide 30 days' advance notice of any changes to our sub-processor list. Enterprise clients have the right to object to new sub-processors and may terminate their agreement if objections cannot be resolved.
Compliance Framework
Our comprehensive approach to meeting global privacy and security regulations.
GDPR (General Data Protection Regulation)
EU regulation governing personal data processing and protection
Compliance Measures:
- Privacy by design implementation
- Data subject rights fulfillment
- Breach notification procedures
- Regular compliance audits
CCPA (California Consumer Privacy Act)
California state law providing privacy rights to consumers
Compliance Measures:
- Consumer rights implementation
- Privacy notice requirements
- Opt-out mechanisms
- Data inventory maintenance
PIPEDA (Personal Information Protection Act)
Canadian federal privacy law for private sector
Compliance Measures:
- Consent management
- Purpose limitation
- Accountability measures
- Individual access rights
ISO 27001
International standard for information security management
Compliance Measures:
- Information security management system
- Risk assessment procedures
- Security controls implementation
- Continuous improvement process
Enterprise Legal & Compliance Team
Our enterprise legal team is ready to work with your legal counsel to finalize DPA terms and ensure compliance requirements are met.