Data Processing Addendum (DPA)

This DPA forms part of the Terms when GDPR/PDPA applies to your processing of personal data via the Service.

Roles

You are Controller. We are Processor. Sub-processors listed below.

Subject Matter

Automated transformation & analysis of uploaded images plus minimal account/contact data.

Duration

For the Term of your Service use until deletion/return of personal data.

Nature & Purpose

Provide image compliance automation (resizing, background, watermark removal assistance, linting).

Categories of Data

Images (may incidentally contain personal data), email, optional metadata you supply.

Data Subjects

Your customers / internal catalog stakeholders (indirect), you (account owner).

Security Measures

• Encryption in transit (TLS)
• Access control & IAM least privilege
• Logical separation per environment
• Automated dependency patching

Sub-processors

• AWS (infrastructure)
• Email service (transactional)

International Transfers

Standard Contractual Clauses where required.

Assistance

We help fulfill data subject requests via support channel within 30 days.

Deletion/Return

Upon termination or request we delete personal data within 30 days (unless legally required retention).

Audit

Security summaries available on request; formal audits subject to reasonable scheduling & scope.

Breach Notification

We notify without undue delay after confirmed personal data breach.

Last updated: 2025-09-27