Data Processing Agreement

This Customer Data Processing Agreement (DPA) is part of the requirements of the European Data Protection Regulation (GDPR) and is an addendum to our Hosting Terms of Service (TOS) and Affiliate Program Agreement.


Controller: Entity who determines the purpose and means of processing Personal Data.
Customer Data: Data that processes on behalf of Customer.
Personal Data: Data relating to an identified or identifiable natural person.
Processor: Entity that processes Personal Data on behalf of Customer.
Security Incidents: Unauthorized and/or unlawful breach of security leading to accidental and/or unlawful destruction, alteration, loss, unauthorized disclosure of or access to Personal Data.
Subprocessor: Processors used by to fulfill its obligations in providing the Service.


This DPA applies only to the extent that processes Personal Data on behalf of the Customer in the course of providing the Service and in the case such Personal Data is subject to Data Protection Laws of the European Union (EU).

In this DPA, the Customer is the Controller of Personal Data and will process Personal Data only as a Processor on behalf of Customer. Nothing in this DPA prevents from using any data that collects and processes independently of Customer's use of the Service.

As a Controller, Customer agrees that they will comply with its obligations under Data Protection Laws in respect to their processing of Personal Data and any processing instructions they issue to; and that they have obtained consents and rights necessary under Data Protection Laws for to process Personal Data and provide the Service.

As a Processor, will process Personal Data only for the following purposes:
- processing to perform the Service in accordance with the TOS; and
- to comply with other reasonable instructions provided by Customer. handles Customer Data provided by Customer and the Customer Data may contain special categories of data depending on how the Service is used by Customer. The Customer Data may be subject to the following process activities:
- storage and other processing necessary to provide and improve the Service;
- to provide customer and technical support to Customer; and
- disclosures as required by law or otherwise set forth in the TOS.

Customer acknowledges that has the right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Service for its legitimate business purposes (e.g., billing, technical support, product development..etc.). For data that is considered personal data under Data Protection Laws, will process such data in compliance with Data Protection Laws.


Customer agrees that may engage Subprocessors to process Personal Data on Customer's behalf. You may request a list of Subprocessors currently engaged by

When engaging with a Subprocessor, will
- enter into a written agreement with the Subprocessor which imposes data protection terms that require the Subprocessor to protect Personal Data to the standards required by Data Protection Laws; and
- remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Subprocessor that cause to breach any of its obligations under this DPA. shall provide Customer reasonable advance notice via email if it adds or removes Subprocessors.

Customer may object to’s engagement with a new Subprocessor on reasonable grounds relating to data protection by notifying in writing within five (5) days of receipt of's notice. The notice should reasonably explain the grounds for the objection. The parties will discuss such concerns in good faith with the goal of achieving a reasonable resolution. If a resolution is not possible, either party may terminate the applicable Service related to the use of the Subprocessor.

Security will implement and maintain appropriate security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data. will ensure that any person who is authorized by to process Personal Data (e.g., staff, subcontractors) will be under an appropriate obligation of confidentiality.

In the event of a Security Incident, will notify Customer without undue delay and will provide timely information relating to the Security Incident as it becomes known.

Customer acknowledges that the security measures evolve and that may update or modify the security measures from time to time.

International Transfers

Customer Data may be transferred and processed in the United States and anywhere in the world where Customer and/or its Subprocessors maintain data processing operations. will implement appropriate safeguards to protect the Personal Data, wherever it is processed, in accordance with the requirements of Data Protection Laws.

Return and Deletion of Data

Customers have access to their uploaded files and databases and can download them. If Customer has any issues with downloading their content, they can contact our Technical Support for assistance. Upon deactivation of a Service, all Personal Data will be deleted, except for data which is required to be retained by applicable law, or Personal Data that is archived on backup systems (which are securely isolated and protected from further processing.


If Customer is unable to independently access the specific Personal Data within the Service in response to requests from individuals or data protection authorities, will (at Customer's expense) provide reasonable cooperation to assist Customer, if possible. In the event that any such request is made directly to, will not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If is required to respond to such a request, will promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

To the extent is required under Data Protection Law, will (at Customer's expense) provide reasonably requested information regarding’s processing of Personal Data under the TOS to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.


Except for the changes made by this DPA, the TOS remains unchanged and in full force and effect. If there is any conflict between this DPA and the TOS, the DPA will prevail to the extent of that conflict.

This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the TOS, unless required otherwise by Data Protection Laws.

Last updated May 21st, 2019.