This Data Processing Agreement ("DPA") supplements our Privacy Policy and MSA for customers subject to the GDPR, UK GDPR, and similar data protection regulations. For enterprise customers requiring a signed DPA, please contact privacy@s6securitylabs.com.
1. Definitions & Roles
Data Controller: You (the customer) determine the purposes and means of processing personal data.
Data Processor: S6 Security Labs processes personal data on your behalf according to your instructions.
2. Processing Instructions
S6 processes personal data only as necessary to provide services under our agreement and as documented in our Privacy Policy. We will not process data for any other purpose without your prior written consent.
3. Security Measures
We implement appropriate technical and organizational measures including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Multi-factor authentication and access controls
- Regular security audits and penetration testing
- Incident response and breach notification procedures
For complete details, see our Security Program.
4. Sub-Processors
We use the following categories of sub-processors:
- Cloud Infrastructure: AWS, Microsoft Azure
- Payment Processing: Stripe
- Email Services: Brevo
We maintain data processing agreements with all sub-processors and will notify you of changes with 30 days' notice.
5. Data Subject Rights
We will assist you in responding to data subject requests (access, rectification, erasure, portability, restriction) within applicable timeframes. Contact us at privacy@s6securitylabs.com for assistance.
6. Data Transfers
International transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission and appropriate supplementary measures. See our Privacy Policy for details.
7. Data Return & Deletion
Upon termination, we will return or delete your personal data according to our retention schedule unless legally required to retain it. You may request data export at any time.