Data Processing Addendum

This DPA supplements the Cyata Terms of Service for customers processing personal data under GDPR, UK GDPR, or CCPA. It reflects Cyata acting as a processor on your behalf.

Processing & purposes

We process customer data only to provide the service as described in the Terms and Privacy Policy, on documented instructions from you.

Sub-processors

A current list of sub-processors is maintained at [email protected]. You may object to changes per the process there.

International transfers

Transfers use Standard Contractual Clauses and equivalent safeguards. Residency controls let you constrain where data is stored.

Security & breach

See our Security page. We notify you of confirmed breaches without undue delay.

Deletion on exit

On termination, we delete customer data within 30 days unless law requires retention.