Data Processing Agreement (DPA)
Last Updated: January 2, 2026
This Data Processing Agreement ("DPA") forms part of the Terms and Conditions between WhappScan ("Processor") and the User ("Controller").
1. Definitions
The terms "Personal Data", "Data Subject", "Processing", "Controller", and "Processor" shall have the meanings given to them in the GDPR.
2. Subject Matter and Duration
The Processor shall process Personal Data as necessary to perform the services described in the Terms and Conditions.
Duration: The processing will continue for the duration of the agreement. Extracted data is retained for 1 year.
3. Processor's Obligations
The Processor agrees to:
- Process Personal Data only on documented instructions from the Controller.
- Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality.
- Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (AES-256 encryption).
- Assist the Controller in responding to requests from Data Subjects.
4. Sub-processors
The Controller authorizes the Processor to engage the following sub-processors:
- Amazon Web Services (AWS): Infrastructure and AI processing (Bedrock). Region: eu-north-1.
- Stripe: Payment processing.
5. Data Transfers
All data processing is primarily conducted within the European Economic Area (EEA). Any transfers outside the EEA will be conducted in compliance with GDPR requirements.
6. Security Measures
Processor implements encryption in transit and at rest (AES-256). Original documents are deleted immediately after processing.
7. Contact
For any DPA related inquiries: whappscan@proton.me