Data processing agreement (DPA)

Emoji icon 1f4d1.svg
Last updated: April 9, 2025

1. Scope

This Data Processing Agreement supplements the Terms of Service and applies to the extent PuppetVendors processes personal data on behalf of the Customer.

2. Sub-processors

We use the following sub-processors:
  • Digital Ocean
  • Amazon Web Services (AWS)
  • MongoDB Atlas

      • 3. Security Measures

      We implement security measures including:
      • Data encryption (at rest and in transit)
      • Access control with multi-factor authentication for internal systems
      • Internal security reviews and penetration testing
      • Employee training on data protection

          • 4. Rights to Data Subject

          We assist in fulfilling requests to access, correct, delete, or restrict processing of personal data. We provide reasonable assistance to you in responding to such requests.

          5. Breach Notification

          In the event of a data breach, we will notify you without undue delay, in accordance with GDPR, providing details of the breach and affected data.

          6. Data Return or Deletion

          Upon termination of the Service, we will delete or return your data within 30 days, unless legally required to retain it.
Built on Unicorn Platform