Skip to main content
AlertifyProAlertifyPro
HomeData Processing Agreement

Data Processing Agreement

Last updated: March 1, 2026

GDPR Compliant: This DPA is compliant with GDPR Article 28 and governs the processing of personal data by AlertifyPro on behalf of its customers. Enterprise customers receive a countersigned DPA upon request.

1. Parties

This Data Processing Agreement ("DPA") is entered into between:

Data Controller
You (the customer)
The entity that determines the purposes and means of personal data processing.
Data Processor
AlertifyPro Inc.
Processes personal data on behalf of the Controller per this DPA and the Terms of Service.

2. Definitions

Personal Data
Any information relating to an identified or identifiable natural person, as defined in GDPR Article 4(1).
Processing
Any operation performed on Personal Data, including collection, recording, storage, adaptation, retrieval, use, disclosure, or erasure.
Data Subject
An identified or identifiable natural person to whom Personal Data relates.
Sub-processor
Any third party engaged by AlertifyPro to process Personal Data on behalf of the Controller.

3. Scope & Purpose

AlertifyPro processes Personal Data solely for the purpose of providing the monitoring services described in the Terms of Service. Processing occurs only on documented instructions from the Controller. AlertifyPro will not process Personal Data for any other purpose without explicit written consent.

4. Processor Obligations

  • Process Personal Data only on documented instructions from the Controller
  • Ensure that authorised personnel are subject to confidentiality obligations
  • Implement appropriate technical and organisational security measures (Article 32)
  • Assist the Controller in fulfilling data subject rights requests
  • Notify the Controller within 72 hours of becoming aware of a Personal Data breach
  • Delete or return all Personal Data upon termination of services
  • Provide all information necessary to demonstrate compliance with Article 28

5. Sub-processors

AlertifyPro uses the following approved sub-processors. We will notify you 30 days in advance of any changes.

Sub-processorLocationPurpose
Amazon Web Services (AWS)USA / EUCloud infrastructure & data storage
StripeUSAPayment processing
PostmarkUSATransactional email delivery
CloudflareUSA / Global CDNDDoS protection & CDN
PlanetScaleUSADatabase hosting

6. Data Subject Rights

AlertifyPro will assist the Controller in responding to data subject requests (access, rectification, erasure, portability) within 72 hours of receiving a request. All requests should be submitted to [email protected].

7. Security Measures

Encryption at rest (AES-256)
TLS 1.3 in transit
Role-based access control
Annual penetration testing
SOC 2 Type II certified
Regular security training

8. International Transfers

For transfers of Personal Data outside the EEA, AlertifyPro relies on EU Standard Contractual Clauses (SCCs) as approved by the European Commission. EU data residency is available for Enterprise customers upon request.

9. Duration & Deletion

This DPA remains in effect for the duration of the service agreement. Upon termination, AlertifyPro will delete all Personal Data within 30 days, unless retention is required by applicable law. A certificate of deletion is available upon request for Enterprise customers.

Need a countersigned DPA?

Enterprise customers can request a signed copy. Contact our legal team.

Contact legal