verified_user Enterprise Trust Center

Data Processing Addendum

Effective January 1, 2024. This DPA outlines our commitment to data privacy, security, and compliance across all Aquafroge services.

1. Introduction & Scope

This Data Processing Addendum (“DPA”) forms part of the Master Service Agreement or Terms of Service between Aquafroge Inc. (“Aquafroge”) and the entity identified as the Customer (“Customer”).

This DPA applies where and only to the extent that Aquafroge processes Personal Data on behalf of the Customer in the course of providing the Services and such Personal Data is subject to Data Protection Laws of the European Union, the European Economic Area and/or their member states, Switzerland, the United Kingdom and/or the United States.

2. Regulatory Compliance

language

GDPR & UK GDPR

Full compliance with General Data Protection Regulation (EU 2016/679) and its UK equivalent, ensuring lawful basis for processing and international transfer mechanisms.

domain_verification

CCPA / CPRA

Commitment to California Consumer Privacy Act standards, including strict "No Sale" of personal information and honoring opt-out requests.

3. Data Subject Rights

OUR COMMITMENT

Assisting with Requests

We provide the technical tools necessary for Customers to respond to individual requests to exercise their rights under Data Protection Laws.

check_circle

Right to Access & Rectification

Ability to export or update personal data records directly through the Aquafroge console.

check_circle

Right to Erasure (Right to be Forgotten)

Automated workflows for permanent deletion of user accounts and associated metadata.

check_circle

Data Portability

Export formats compatible with industry standards (JSON/CSV) for seamless transitions.

4. Technical & Organizational Measures

encryption

Encryption & Integrity

All data is encrypted at rest using AES-256 and in transit via TLS 1.3+. We maintain a zero-trust architecture internally to prevent unauthorized access.

lock_person

Access Control

Strict IAM policies, mandatory Multi-Factor Authentication (MFA), and quarterly access reviews for all personnel.

history

Logging

Comprehensive audit trails for all system access and data modifications.

5. Sub-processors

To provide the best service, we engage the following sub-processors:

Entity Name Processing Purpose Location
cloud
Amazon Web Services
Cloud Infrastructure & Hosting United States (Global Regions)
mail
SendGrid
Email Delivery Services United States
monitoring
Datadog
Application Monitoring & Logs United States / EU
support
Zendesk
Customer Support Operations United States
notifications_active

Note: We notify customers of any changes to our sub-processor list 30 days in advance via our Change Notification Center.

Ready to complete your DPA?

Our automated legal desk can provide you with a pre-signed copy of this addendum tailored to your organization in seconds.