Data Processing Agreement (DPA)
Last Updated:
This Data Processing Agreement ("DPA") forms part of the agreement between DNSai LLC ("DNSai", "Processor") and the Customer ("Controller") for DNSai services. This DPA governs the processing of personal data in compliance with applicable data protection laws including the General Data Protection Regulation (GDPR).
1. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
- "Data Subject" means the individual to whom Personal Data relates.
- "Subprocessor" means any third party engaged by DNSai to process Personal Data.
2. Scope and Purpose
DNSai processes Personal Data only as necessary to provide the services described in our Terms of Use and as instructed by the Controller. The types of data processed and purposes are:
- Account Data: Name, email, organization details for service delivery
- Usage Data: Service logs, queries, and analytics for product improvement
- Payment Data: Billing information processed by payment providers
3. Obligations of DNSai
As Processor, DNSai agrees to:
- Process Personal Data only on documented instructions from the Controller
- Ensure personnel authorized to process Personal Data are bound by confidentiality
- Implement appropriate technical and organizational security measures
- Assist the Controller in responding to Data Subject requests
- Delete or return all Personal Data upon termination of services
- Make available information necessary to demonstrate compliance
- Notify the Controller without undue delay of any Personal Data breach
4. Subprocessors
The Controller authorizes DNSai to engage Subprocessors to process Personal Data. DNSai maintains a current list of Subprocessors at dnsai.com/subprocessors.
DNSai will:
- Enter into written agreements with Subprocessors imposing equivalent data protection obligations
- Notify the Controller of any intended changes to Subprocessors
- Remain liable for the acts and omissions of its Subprocessors
5. Security Measures
DNSai implements security measures including:
- Encryption of data in transit (TLS 1.2+) and at rest
- Access controls and authentication requirements
- Regular security assessments and monitoring
- Incident response procedures
- Employee security training
6. International Transfers
If Personal Data is transferred outside the European Economic Area (EEA), DNSai ensures appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries with adequacy decisions
7. Data Subject Rights
DNSai assists the Controller in fulfilling obligations to respond to Data Subject requests including:
- Access to Personal Data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Data portability
- Restriction of processing
- Objection to processing
8. Audits
DNSai shall make available to the Controller information necessary to demonstrate compliance with this DPA. The Controller may conduct audits, either directly or through an independent auditor, subject to reasonable notice and confidentiality requirements.
9. Term and Termination
This DPA remains in effect for the duration of the service agreement. Upon termination, DNSai will delete or return all Personal Data within 90 days unless retention is required by law.
10. Contact
For questions about this DPA or to exercise data protection rights, contact us via our Contact page.