Data Processing Addendum

This Data Processing Addendum (“DPA”) supplements the Zooq Terms of Service and applies when, in your use of Zooq, you act as a Data Controller and Zooq acts as a Data Processor in respect of personal data subject to the EU General Data Protection Regulation (GDPR) or analogous regimes (UK GDPR, Swiss FADP).

1. Subject matter

Zooq processes personal data on your instructions in order to provide the Service. Processing is limited to what is necessary to fulfill our obligations.

2. Sub-processors

You authorise the sub-processors listed in our Privacy Policy. We will notify you at least 14 days before adding or replacing any sub-processor.

3. Security

We implement appropriate technical and organisational measures: encrypted transport (TLS), encrypted at rest, hashed credentials, access logging, least-privilege access controls.

4. International transfers

Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (2021/914).

5. Data subject requests

We will, taking into account the nature of processing, assist you to fulfil your obligations to respond to data subject requests.

6. Deletion

On termination, we will delete personal data within 30 days unless retention is required by law.

Need a signed countersigned copy? Email legal@zooq.dev.