Legal Center

Data Processing Agreement

Last updated: June 2025

Our DPA governs how we process personal data on your behalf, ensuring compliance with GDPR and other data protection regulations.

Download Our Standard DPA

Get a pre-signed copy of our Data Processing Agreement that incorporates Standard Contractual Clauses (SCCs).

Download DPA (PDF)

Data Processing Principles

Purpose Limitation

We only process personal data as necessary to provide our services and as instructed by you.

Data Security

We implement appropriate technical and organizational measures to protect personal data.

International Transfers

We use Standard Contractual Clauses (SCCs) for data transfers outside the EEA.

Sub-processors

We maintain a list of approved sub-processors and notify you of any changes.

Technical & Organizational Measures

We implement comprehensive security measures to protect personal data:

Encryption at rest and in transit (AES-256, TLS 1.3)
Multi-factor authentication required for all access
Role-based access control with least privilege
Regular security audits and penetration testing
SOC 2 Type II certified infrastructure
Incident detection and response procedures

Supporting Data Subject Rights

We provide tools and support to help you respond to data subject requests:

Access

Obtain confirmation and access to personal data

Rectification

Correct inaccurate or incomplete data

Erasure

Request deletion of personal data

Restriction

Restrict processing of personal data

Portability

Receive data in a portable format

Objection

Object to certain processing activities

Sub-processors

We use the following categories of sub-processors to deliver our services:

Cloud Infrastructure

AWS, GCP

Hosting and data storage services

Payment Processing

Stripe

Payment and billing services

Customer Support

Intercom

Support ticket and chat services

Full sub-processor list available upon request. We notify customers 30 days before adding new sub-processors.

Data Breach Notification

Our Commitment

  • Notify you within 72 hours of becoming aware of a breach
  • Provide detailed information about the incident
  • Assist with your regulatory obligations

Notification Contents

  • Nature of the breach
  • Categories of data affected
  • Measures taken to address the breach
  • Recommended remediation steps

Request a Custom DPA

Need a customized DPA or have questions? Contact our legal team.

legal@tigeraccess.io