1. Scope and Purpose
This Data Processing Agreement (DPA) supplements the SiteSignal Terms of Service and reflects the parties' agreement with regard to the Processing of Personal Data under the GDPR and other applicable data protection laws.
2. Data Subjects
SiteSignal processes data provided by your agency's clients. These include website visitors, end-users of your clients' sites, and registered account holders of monitored domains.
3. Technical and Organizational Measures
We are committed to securing your data. Our measures include:
- Encryption: Data is encrypted at rest using AES-256 and in transit using TLS 1.3.
- Access Control: Strict need-to-know basis access for our engineers.
- Monitoring: 24/7 logging of all system access and security events.
4. List of Sub-processors
To provide our service, we engage the following sub-processors:
- Stripe: Payment processing (PCI-DSS compliant).
- DigitalOcean: Server infrastructure and data hosting (US-based).
- Cloudflare: DNS, security, and DDoS protection.
5. Data Retention
Data is retained only as long as your subscription is active. Upon account deletion, all personal data associated with your domains is purged from our production databases within 90 days.
Need a Signed Copy?
For enterprise-level compliance needs, our legal team can provide a signed version of this agreement. Reach out to us at hi@sitesignal.app to initiate the signing process.