Data Processing Agreement
For organizations that need a formal DPA for GDPR or other data protection compliance.
What is a DPA?
A Data Processing Agreement (DPA) is a legally binding document between a data controller (you) and a data processor (Cybrove) that outlines how personal data is handled. It's required under GDPR and similar data protection regulations.
Our Standard DPA
Cybrove's standard DPA covers data processing terms required under GDPR (EU), UK GDPR, and other applicable data protection laws. It addresses: data processing scope, subprocessor list, security measures, data breach notification procedures, data subject rights, data deletion, and international data transfers.
To obtain a copy of our pre-signed DPA, contact us at legal@cybrove.com.
What data does Cybrove process?
Data we process
- Account information (name, email, organization)
- Asset data (domains, IPs, repository URLs)
- Scan results (vulnerability findings, security scores)
- Usage data (scan history, login timestamps)
Data we do NOT process
- Your application's user data
- Your customers' personal data
- The content of communications on your systems
- Any data beyond what's needed for security scanning
Subprocessors
| Subprocessor | Purpose | Location |
|---|---|---|
| Cloud Infrastructure Provider | Application hosting and compute | US / EU |
| Polar.sh | Payment processing and subscription management | US |
| Email Service Provider | Transactional and notification emails | US |
| MinIO / Object Storage | Report and scan artifact storage | US |
Custom DPA
Need modifications to our standard DPA? Contact legal@cybrove.com. Enterprise customers: DPA negotiation is included in your plan.
Contact
Questions about data processing? Contact our team at legal@cybrove.com or dpa@cybrove.com.