49 lines
1.6 KiB
Markdown
49 lines
1.6 KiB
Markdown
# Data Processing Agreement (DPA)
|
|
|
|
This Data Processing Agreement ("DPA") is entered into between Crawl API ("Processor") and the Customer ("Controller") as of the date of account creation.
|
|
|
|
## 1. Definitions
|
|
|
|
- **Personal Data**: Any information relating to an identified or identifiable natural person.
|
|
- **Processing**: Any operation performed on Personal Data.
|
|
- **Data Subject**: The natural person to whom Personal Data relates.
|
|
|
|
## 2. Scope of Processing
|
|
|
|
Processor will process Personal Data only as necessary to provide the Service and in accordance with Controller's documented instructions.
|
|
|
|
## 3. Processor Obligations
|
|
|
|
- Process Personal Data only on documented instructions from Controller
|
|
- Ensure persons authorized to process Personal Data are bound by confidentiality
|
|
- Implement appropriate technical and organizational measures
|
|
- Assist Controller in responding to Data Subject requests
|
|
- Notify Controller of any Personal Data breaches
|
|
|
|
## 4. Subprocessors
|
|
|
|
We use the following subprocessors:
|
|
- Amazon Web Services (hosting)
|
|
- Stripe (payment processing)
|
|
- Google Cloud (optional AI features)
|
|
|
|
## 5. Data Transfers
|
|
|
|
Personal Data may be transferred to countries outside the EEA. We ensure adequate safeguards are in place.
|
|
|
|
## 6. Security Measures
|
|
|
|
We implement:
|
|
- Encryption at rest and in transit
|
|
- Access controls and authentication
|
|
- Regular security assessments
|
|
- Incident response procedures
|
|
|
|
## 7. Audit Rights
|
|
|
|
Controller may request an audit of our compliance with this DPA once per year.
|
|
|
|
## 8. Termination
|
|
|
|
Upon termination, Processor will delete or return all Personal Data unless required by law to retain it.
|