Scope
This Data Processing Addendum ("DPA") forms part of the agreement between rendrOS and the Customer. It applies whenever rendrOS processes personal data on behalf of the Customer in connection with the rendrOS service, and supplements our Terms of Service.
Roles & responsibilities
| Party | Role | Examples |
|---|---|---|
| Customer | Controller | Decides what data goes into rendrOS and why |
| rendrOS | Processor | Stores, processes and transmits the data per Customer's instructions |
| Sub-processors | Sub-processor | Hosting, payments, email delivery (see below) |
Authorised sub-processors
| Sub-processor | Service | Region |
|---|---|---|
| Amazon Web Services | Hosting, storage, backups | UK (eu-west-2), UAE (me-central-1) |
| Stripe Payments | Card processing, billing | UK / EU / UAE |
| Postmark | Transactional email | EU |
| Plausible Analytics | Cookie-less site analytics | EU |
| Sentry | Error monitoring | EU |
| Cloudflare | CDN, DDoS protection | Global edge |
We will give the Customer 30 days' notice before adding or replacing a sub-processor. The Customer may object on reasonable data-protection grounds.
Technical & organisational measures
- TLS 1.3 in transit; AES-256 at rest
- Region-locked storage (UK or UAE) selected at signup
- Hardware MFA for production access
- Quarterly access reviews and least-privilege role design
- Daily backups; tested restore procedure
- Annual third-party penetration test
- Documented incident response plan
- Background checks for personnel with production access
International data transfers
Personal data is stored in the Customer's chosen region. Where transfer to another region is operationally necessary (e.g. EU sub-processors), it is covered by EU Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, and supplementary measures as required.
Breach response
rendrOS will notify the Customer of a confirmed personal data breach affecting their data without undue delay, and in any event within 48 hours of confirmation. Notification will include nature, scope, likely consequences, and remediation taken.
Audit rights
The Customer may, at most once per year and on 30 days' written notice, audit our compliance with this DPA. We may satisfy audit requests through current SOC 2 reports, ISO 27001 certificates, or other recognised attestations once available.
Return or deletion of data
On termination, the Customer may export their data via the in-app export tool for up to 90 days. After 90 days, all Customer personal data is permanently deleted from production systems and from backups within the next backup rotation cycle (max 35 days), unless retention is required by law.