Data Processing Agreement
What is a Data Processing Agreement (DPA)?
A Data Processing Agreement (DPA) is a legally binding document entered into between Zykrr (the data processor) and the customer (the data controller) that outlines each party’s obligations when handling personal data.
The DPA is essential for ensuring that your use of Zykrr complies with data protection laws such as GDPR, CCPA, HIPAA, and DPDPA (India).
Purpose of the DPA
The DPA ensures:
- Lawful, fair, and transparent processing of personal data
- Clarification of roles and responsibilities between the controller and processor
- Implementation of appropriate security and technical safeguards
- Compliance with cross-border data transfer requirements (if applicable)
- Alignment with global privacy laws
Key Components of Zykrr’s DPA
| Section | Summary |
|---|---|
| Roles & Scope | Defines Zykrr as the processor and the customer as the controller |
| Data Categories | Specifies the type of personal data processed (e.g., email, contact ID, open text feedback) |
| Purpose Limitation | Zykrr processes data strictly as per the instructions of the customer |
| Confidentiality | Ensures that only authorized personnel can access personal data |
| Subprocessors | Lists authorized subprocessors and allows customers to object to additions |
| Security Measures | Describes encryption, access control, monitoring, and incident management practices |
| Data Subject Rights | Enables customers to fulfill access, deletion, or correction requests from end users |
| Data Transfer | Covers SCCs (Standard Contractual Clauses) or other safeguards if data moves cross-border |
| Audit Rights | Provides the controller the right to review Zykrr’s data processing and security controls |
| Data Return/Deletion | Upon contract termination, Zykrr will delete or return all personal data as instructed |
When is a DPA Required?
A DPA is required if you:
- Collect or process personally identifiable information (PII) using Zykrr
- Operate under GDPR, CCPA, HIPAA, or DPDPA requirements
- Require custom data residency, deletion, or audit terms
For most enterprise and regulated clients, the DPA is included during the contracting phase or as an addendum to the Master Services Agreement (MSA).
How to Request or Sign the DPA
- If you’re a new customer, your account manager will initiate the DPA as part of onboarding.
- If you’re an existing customer and need a signed copy, email us at support@zykrr.com.
- Our legal team can also assist in reviewing your organization’s standard DPA if needed.
Related Policies
Zykrr is committed to helping you stay compliant, secure, and in control of your data.
For custom DPA terms or audit-specific requirements, please reach out to your Customer Success Manager or support@zykrr.com.