NotifyHub
Empieza Ahora Iniciar sesion
it en es fr de pt zh ja ar hi ru

Data Processing Agreement (DPA)

Ultima actualizacion: :date: 09/05/2026

Last updated: May 2026

1. Scope and Roles

This Data Processing Agreement ("DPA") supplements the NotifyHub Terms of Service. The Customer (data controller) determines the purposes and means of processing their recipients' personal data. GiaNet Media (data processor) processes such data solely on behalf of the Customer and according to documented instructions, to the extent necessary to provide the NotifyHub service.

2. Data Processed

Data categories: recipient identifiers (names, emails, phone numbers, platform IDs), message content, delivery metadata (timestamps, status, channel). Data subject categories: the Customer's notification recipients.

3. Sub-processors

  • Hetzner Online GmbH — Hosting and infrastructure (Falkenstein, Germany)
  • Stripe Inc. — Payment processing (USA, DPF)
  • Meta Platforms Ireland Ltd — WhatsApp Business API, Messenger, Instagram DM
  • Telegram FZ-LLC — Telegram Bot API (Dubai, UAE)
  • Discord Inc. — Webhook delivery (USA, SCC)
  • Slack Technologies LLC — Webhook delivery (USA, SCC)
  • AI providers (OpenAI, Anthropic, Google) — AI processing, only if the Customer enables AI features

The Customer will be notified via email at least 30 days before adding new sub-processors and may object within 14 days.

4. Security Measures

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • Logical workspace isolation (multi-tenant with data segregation)
  • Two-factor authentication (2FA) available for all accounts
  • API key hashing (only the prefix is visible)
  • Cryptographically signed HMAC tokens for callbacks and action tokens
  • Rate limiting per API endpoint
  • Audit logs for administrative actions (Agency+ plans)

5. Breach Notification

GiaNet Media shall notify the Customer without undue delay, and in any event within 48 hours, of becoming aware of a personal data breach, providing: the nature of the breach, approximate categories and number of data subjects affected, likely consequences, and measures taken or proposed.

6. Data Subject Rights Assistance

GiaNet Media assists the Customer in responding to data subject requests (access, rectification, erasure, portability) through platform features (recipient export, data deletion) or dedicated technical support.

7. International Transfers

For transfers to countries without an adequacy decision, GiaNet Media relies on EU Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework for certified US sub-processors.

8. Audit Rights

The Customer may request, with 30 days' reasonable notice and no more than once per year, documentation and information about security measures in place. For Enterprise plans, on-site audits may be arranged at the Customer's expense.

9. Return and Deletion

Upon termination, GiaNet Media shall return all personal data to the Customer in standard format (CSV/JSON) upon request within 30 days, after which data is deleted unless required by law.

10. Duration

This DPA has the same duration as the Terms of Service and applies to all personal data processed in connection with the NotifyHub service.

STAG
https://notify.trovido.com