ZeroTrace
HomePoliciesData Processing Agreement (DPA)

Data Processing Agreement (DPA)

This agreement governs the relationship between ZeroTrace and users when personal data is processed through our infrastructure, outlining responsibilities under GDPR and other laws.

Last updated: November 13, 2025

1. Data Processing Agreement (DPA) Overview

This Data Processing Agreement (“DPA”) applies when ZeroTrace processes personal data on your behalf in connection with the Service. It is intended to satisfy GDPR Article 28 and similar international requirements.

This page is a simplified public summary. If you need a signed DPA or annexes, contact admin@zerotrace.pw.

2. Roles: Controller & Processor

  • You (Customer/User) are typically the Data Controller for data you submit to the Service.
  • ZeroTrace acts as a Data Processor for that customer-submitted data, and as an independent controller for limited account/admin data.

You confirm you have lawful authority to collect and submit any personal data you process with ZeroTrace.

3. Scope of Processing

ZeroTrace processes customer-submitted data only to provide and secure the Service, including storage, synchronization, analytics necessary for functionality, and support troubleshooting (when requested).

Authorized Use Only

You must not use the Service for covert surveillance, stalking, spying, or any unauthorized monitoring. If the Service is used to process monitoring logs, you must have explicit authorization and a valid legal basis.

4. Categories of Data, Subjects, and Processing

Examples (depends on configuration):

  • Data subjects: account holders, customers, and individuals whose data you lawfully submit to the Service
  • Personal data types: identifiers, device metadata, timestamps, usage/security logs, and customer-submitted content
  • Processing operations: collection, storage, encryption, retrieval, deletion, and transmission

5. Subprocessors

We may use subprocessors to support delivery of the Service (e.g., hosting providers, email delivery, payment processors like Stripe). Subprocessors are bound by contractual obligations for confidentiality and security.

A detailed subprocessor list can be provided on request.

6. International Transfers

Because ZeroTrace supports international customers and processes data on servers, data may be transferred or accessed across borders. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses).

7. Security Measures

  • Encryption in transit and access controls
  • Least-privilege staff access and auditing
  • Security monitoring and abuse prevention
  • Data minimization and retention controls where feasible

8. Assistance With Rights Requests

Where required by law and applicable to your use, ZeroTrace will reasonably assist you with fulfilling data subject requests (access, deletion, portability), taking into account the nature of processing and available tools.

9. Security Incidents & Breach Notification

If we become aware of a personal data breach affecting customer-submitted personal data, we will notify you without undue delay and provide available information reasonably necessary to support your compliance obligations.

10. Deletion & Return of Data

Upon termination of the Service (or upon request where feasible), we will delete or return customer-submitted data unless retention is required by law or necessary for security and fraud prevention.

11. Audit & Compliance

We maintain internal security and privacy controls appropriate to the nature of the Service. Where legally required, we may provide reasonable evidence of compliance (e.g., summaries of technical/organizational measures), subject to confidentiality and security limitations.

12. Contact

For DPA requests (including a signed version), contact admin@zerotrace.pw.