Legal

Data Processing Agreement

Standard DPA: our commitments around customer personal data, GDPR, and PDPL where applicable.

This DPA applies whenever Saphyroo processes personal data on behalf of a customer in connection with the Drive360 platform. It supplements the Terms of Service.

Roles

The customer is the controller; Saphyroo is the processor. Where Saphyroo independently determines purpose (e.g. service-improvement analytics on de-identified data), Saphyroo acts as a controller for that limited purpose.

Subprocessors

Saphyroo uses a small set of subprocessors: cloud infrastructure, error monitoring, and email delivery. The current list is available on request, and we'll notify customers before adding a new subprocessor.

Security

We follow industry-standard practices: encryption in transit and at rest, role-based access control, audited write paths, and a documented incident response process.

This is a draft. The final DPA is executed per customer.