Data Processing Addendum (DPA)

Effective date: 2025-10-11

This DPA forms part of the Terms and applies when we process Personal Data on your behalf as a Processor.

Subject matter & duration

Processing of security intelligence related to your assets for the term of your subscription.

Nature & purpose

Monitoring, scanning, alerting, and reporting on security risks and breaches.

Types of Personal Data

• Identifiers: emails, usernames, account IDs, IP addresses.
• Potential breach artifacts: hashed passwords, credential patterns, metadata.

Data subjects

Employees, contractors, and customers associated with assets you submit.

Processor obligations

• Process only on documented instructions from Controller.
• Maintain appropriate security measures (technical and organizational).
• Assist with data subject requests and incident notifications.
• Ensure confidentiality and train personnel.
• Use subprocessors with appropriate safeguards and contracts.

Subprocessors

We maintain a list available upon request and will provide notice of material changes.

International transfers

Where required, we rely on SCCs or equivalent mechanisms for cross-border transfers.

Return or deletion

Upon termination, we will delete or return Personal Data as requested, subject to legal holds.

Audits

Reasonable audits on prior notice; we may satisfy via third-party reports where appropriate.

Contact

For DPA requests: tech@phenicie.com