DATA PROCESSING ADDENDUM
Last updated July 1, 2026
This Data Processing Addendum ("DPA") applies whenever Securelytix processes personal data on behalf of a customer.
Securelytix acts as a Data Processor, while the customer remains the Data Controller and determines how personal data should be processed.
Purpose of Processing
Securelytix processes personal data solely to provide the Services requested by the customer, including:
- Tokenization of sensitive information
- Secure vault storage
- Controlled restoration of protected data
- Audit logging
- API request processing
We process customer data only according to documented customer instructions.
Types of Personal Data
Depending on how Securelytix is used, personal data may include:
- Names
- Email addresses
- Phone numbers
- Government-issued identifiers
- Financial information
- Customer account details
- Other personally identifiable information submitted through our APIs
Security Measures
Securelytix maintains technical and organizational safeguards designed to protect customer data, including:
- Encryption during transmission and storage
- Strict access controls
- Authentication and authorization
- Comprehensive audit logs
- Secure key management
- Continuous security monitoring
Confidentiality
Anyone authorized to access customer data is bound by confidentiality obligations and receives appropriate security training.
Subprocessors
Securelytix may engage carefully selected subprocessors to operate the platform, such as cloud hosting or authentication providers.
All subprocessors are required to maintain security standards consistent with this Agreement.
Data Subject Requests
If a customer receives a request from an individual regarding their personal data, Securelytix will provide reasonable assistance to help the customer respond where required by applicable law.
Security Incidents
If we become aware of a confirmed security incident affecting customer personal data, we'll notify affected customers without undue delay and provide available information to help them understand the incident and take appropriate action.
Data Deletion
Upon termination of the Service, Securelytix will delete or return customer data according to the customer's instructions, unless retention is required by law.
Compliance
Securelytix is committed to supporting customers in meeting applicable privacy and data protection obligations through secure processing practices and responsible data handling.
Related documents