Data Processing Addendum (DPA)

DATA PROCESSING ADDENDUM

Last updated July 1, 2026

This Data Processing Addendum ("DPA") applies whenever Securelytix processes personal data on behalf of a customer.

Securelytix acts as a Data Processor, while the customer remains the Data Controller and determines how personal data should be processed.

Purpose of Processing

Securelytix processes personal data solely to provide the Services requested by the customer, including:

  • Tokenization of sensitive information
  • Secure vault storage
  • Controlled restoration of protected data
  • Audit logging
  • API request processing

We process customer data only according to documented customer instructions.

Types of Personal Data

Depending on how Securelytix is used, personal data may include:

  • Names
  • Email addresses
  • Phone numbers
  • Government-issued identifiers
  • Financial information
  • Customer account details
  • Other personally identifiable information submitted through our APIs

Security Measures

Securelytix maintains technical and organizational safeguards designed to protect customer data, including:

  • Encryption during transmission and storage
  • Strict access controls
  • Authentication and authorization
  • Comprehensive audit logs
  • Secure key management
  • Continuous security monitoring

Confidentiality

Anyone authorized to access customer data is bound by confidentiality obligations and receives appropriate security training.

Subprocessors

Securelytix may engage carefully selected subprocessors to operate the platform, such as cloud hosting or authentication providers.

All subprocessors are required to maintain security standards consistent with this Agreement.

Data Subject Requests

If a customer receives a request from an individual regarding their personal data, Securelytix will provide reasonable assistance to help the customer respond where required by applicable law.

Security Incidents

If we become aware of a confirmed security incident affecting customer personal data, we'll notify affected customers without undue delay and provide available information to help them understand the incident and take appropriate action.

Data Deletion

Upon termination of the Service, Securelytix will delete or return customer data according to the customer's instructions, unless retention is required by law.

Compliance

Securelytix is committed to supporting customers in meeting applicable privacy and data protection obligations through secure processing practices and responsible data handling.