Data Processing Agreement (DPA)

Last Updated: January 2, 2026

This Data Processing Agreement ("DPA") forms part of the Terms and Conditions between WhappScan ("Processor") and the User ("Controller").

1. Definitions

The terms "Personal Data", "Data Subject", "Processing", "Controller", and "Processor" shall have the meanings given to them in the GDPR.

2. Subject Matter and Duration

The Processor shall process Personal Data as necessary to perform the services described in the Terms and Conditions.

Duration: The processing will continue for the duration of the agreement. Extracted data is retained for 1 year.

3. Processor's Obligations

The Processor agrees to:

  • Process Personal Data only on documented instructions from the Controller.
  • Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (AES-256 encryption).
  • Assist the Controller in responding to requests from Data Subjects.

4. Sub-processors

The Controller authorizes the Processor to engage the following sub-processors:

  • Amazon Web Services (AWS): Infrastructure and AI processing (Bedrock). Region: eu-north-1.
  • Stripe: Payment processing.

5. Data Transfers

All data processing is primarily conducted within the European Economic Area (EEA). Any transfers outside the EEA will be conducted in compliance with GDPR requirements.

6. Security Measures

Processor implements encryption in transit and at rest (AES-256). Original documents are deleted immediately after processing.

7. Contact

For any DPA related inquiries: whappscan@proton.me