Data Processing Addendum
DPA governing the processing of personal data
1. Roles
- Customer = Data Controller
- Cloud Locksmith = Data Processor
2. Scope
We process data solely to provide security posture management services.
3. Data Types
- Identity data
- Configuration metadata
4. Subprocessors
We use the following subprocessors:
- Railway / AWS / GCP (hosting)
- PostgreSQL provider (database)
- Vercel (frontend hosting)
5. Security Measures
- Encryption of tokens
- Access control
- Audit logging
6. Data Retention
Data is retained only as necessary to provide services and is deleted per the retention policy.
7. Breach Notification
We will notify affected users without undue delay and, where applicable, within 72 hours of confirming a breach.
8. Customer Rights
Customers may request:
- Data deletion
- Data access
9. Compliance
We aim to align with applicable data protection laws, including GDPR where applicable.