Data Processing Addendum

Last updated: 2026-06-13

This DPA applies when SEOPXL processes personal data on your behalf (e.g. when you give us access to your CMS, mailing list, or admin panel during Web Design / Web App engagements).

1. Roles

You are the Controller. SEOPXL is the Processor.

2. Scope

We only process personal data for the purposes set out in our SOW with you.

3. Sub-processors

We use SMTP providers and infrastructure vendors. A current list is available on request.

4. Security

bcrypt-hashed passwords, HTTPS, rate-limited admin access, audit logs.

5. Breach

We notify you within 72 hours of becoming aware of a breach affecting your data.

6. Deletion

On termination, we return or delete personal data within 30 days.

7. SCCs

Where data leaves the EEA, the EU Standard Contractual Clauses apply, with Annexes available on request.

To countersign this DPA, email gaminashrine@gmail.com.