Data Processing Agreement (DPA)

Last updated: October 6, 2025

1. Definitions

For the purposes of this DPA:

  • Controller: The entity that determines the purposes and means of processing Personal Data
  • Processor: CodeBrick, which processes Personal Data on behalf of the Controller
  • Personal Data: Any information relating to an identified or identifiable natural person
  • Data Subject: An identified or identifiable natural person

2. Scope and Applicability

This DPA applies to the processing of Personal Data by CodeBrick on behalf of the Controller in connection with the provision of CodeBrick services. This DPA is supplemental to and forms part of the Terms of Service.

3. Data Processing

CodeBrick shall:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure that persons authorized to process Personal Data are bound by confidentiality
  • Implement appropriate technical and organizational measures to ensure security
  • Assist the Controller in responding to Data Subject requests
  • Delete or return all Personal Data after the end of services, unless required by law to retain

4. Security Measures

CodeBrick implements the following security measures:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • SOC 2 Type II compliance
  • Regular employee security training

5. Sub-processors

CodeBrick may engage sub-processors to assist in providing services. A current list of sub-processors is available upon request. CodeBrick will notify the Controller of any intended changes concerning the addition or replacement of sub-processors.

6. Data Breach Notification

CodeBrick will notify the Controller without undue delay upon becoming aware of a Personal Data breach affecting the Controller's data, and will provide reasonable assistance in investigating and mitigating the breach.

7. International Data Transfers

Any transfer of Personal Data to countries outside the EEA will be subject to appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

8. Audit Rights

CodeBrick will make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller.

Contact

For questions regarding this DPA or to request a signed copy, contact us at dpa@codebrick.io