Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between WebAudit ("Processor") and the Customer ("Controller") and governs the processing of personal data by WebAudit on behalf of the Customer in connection with the Services.

2. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" means any operation performed on personal data
• "Data Subject" means the individual to whom personal data relates
• "Sub-processor" means any third party engaged by WebAudit to process personal data

3. Scope and Purpose

WebAudit processes personal data solely for the purpose of providing the Services, which includes:

• Website crawling and analysis
• SEO issue detection and reporting
• GEO analysis for AI visibility
• Account management and authentication
• Customer support

4. Data Categories

Personal data processed may include:

• Contact information (name, email)
• Account credentials
• Website content and URLs
• Usage data and analytics
• Communication records

5. Processor Obligations

WebAudit agrees to:

• Process personal data only on documented instructions from the Controller
• Ensure personnel are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures
• Assist the Controller with data subject requests
• Delete or return personal data upon termination
• Make available information necessary for compliance audits

6. Security Measures

WebAudit implements the following security measures:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Access controls and authentication
• Regular security assessments and penetration testing
• Incident response procedures
• Employee security training
• Physical security at data centers

7. Sub-processors

WebAudit uses the following sub-processors:

We will notify customers of any changes to sub-processors with at least 30 days notice.

8. International Transfers

Where personal data is transferred outside the EEA, WebAudit ensures appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Data Subject Rights

WebAudit will assist the Controller in responding to data subject requests, including rights of access, rectification, erasure, portability, and objection to processing.

10. Data Breach Notification

WebAudit will notify the Controller without undue delay (and in any event within 72 hours) upon becoming aware of a personal data breach that affects Controller data.

11. Term and Termination

This DPA remains in effect for the duration of the Services agreement. Upon termination, WebAudit will delete or return all personal data within 30 days, unless retention is required by law.

12. Contact

For DPA inquiries or to request a signed copy:

Email: dpa@webaudit.dev
Data Protection Officer: dpo@webaudit.dev