1.6 KiB
1.6 KiB
Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") is entered into between Crawl API ("Processor") and the Customer ("Controller") as of the date of account creation.
1. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on Personal Data.
- Data Subject: The natural person to whom Personal Data relates.
2. Scope of Processing
Processor will process Personal Data only as necessary to provide the Service and in accordance with Controller's documented instructions.
3. Processor Obligations
- Process Personal Data only on documented instructions from Controller
- Ensure persons authorized to process Personal Data are bound by confidentiality
- Implement appropriate technical and organizational measures
- Assist Controller in responding to Data Subject requests
- Notify Controller of any Personal Data breaches
4. Subprocessors
We use the following subprocessors:
- Amazon Web Services (hosting)
- Stripe (payment processing)
- Google Cloud (optional AI features)
5. Data Transfers
Personal Data may be transferred to countries outside the EEA. We ensure adequate safeguards are in place.
6. Security Measures
We implement:
- Encryption at rest and in transit
- Access controls and authentication
- Regular security assessments
- Incident response procedures
7. Audit Rights
Controller may request an audit of our compliance with this DPA once per year.
8. Termination
Upon termination, Processor will delete or return all Personal Data unless required by law to retain it.