Data Processing Agreement (DPA)

Last updated: November 2025

1. Introduction & Parties

This Data Processing Agreement ("DPA") forms part of the Terms of Service. It governs the processing of Personal Data by WebPixie on behalf of the Customer during the provision of monitoring, uptime, and analysis services. The Customer acts as the Data Controller, and WebPixie acts as the Data Processor.

2. Definitions

Personal Data:

Any information relating to an identified or identifiable natural person.

Processing:

Any operation performed on Personal Data, including collection, storage, analysis, transmission, or deletion.

Controller:

The Customer who determines the purposes and means of processing.

Processor:

WebPixie, processing Personal Data on behalf of the Controller.

Sub-processor:

Third parties engaged by WebPixie to assist in processing activities.

Data Subject:

Individuals whose personal data is processed (e.g., Users, Workspace Members).

SCCs:

Standard Contractual Clauses for international data transfers.

3. Subject Matter & Duration of Processing

WebPixie processes Personal Data solely for the purpose of providing the WebPixie platform: domain monitoring, uptime checks, technical analysis, notifications, and related features. Processing continues for the duration of the Customer's use of the Service and ends upon the deletion or return of Personal Data in accordance with this DPA.

4. Categories of Data & Data Subjects

Categories of Personal Data:

  • • Account data: email address, full name, profile photo (optional).
  • • Workspace data: user roles, membership information.
  • • Usage data: logs, IP addresses, device information, operational metadata.
  • • Analytics data: Analytics usage events associated with email, internal user ID, workspace name, and ID.

Data Subjects:

  • • Customer's authorized users.
  • • Workspace members.

5. Obligations of the Processor

WebPixie will:

  • • Process Personal Data only on documented instructions from the Customer.
  • • Ensure that personnel are bound by confidentiality obligations.
  • • Implement appropriate technical and organizational measures.
  • • Notify the Customer without undue delay of any Personal Data breaches.
  • • Assist with Data Subject requests (access, rectification, erasure, etc.).
  • • Assist with DPIAs and security assessments when required.
  • • Delete or return all Personal Data after termination.
  • • Make available all necessary information to demonstrate compliance.

6. Security Measures (Technical & Organizational)

WebPixie applies industry-standard protections including:

  • • Encryption of data in transit and at rest.
  • • Role-based access control (RBAC) and least privilege policies.
  • • Logging, monitoring, and threat detection.
  • • Segregation of customer data.
  • • Secure development, patching, and vulnerability management.

7. Sub-Processors

WebPixie engages the following Sub-Processors:

  • AWS - hosting and infrastructure.
  • Cloudflare - CDN, WAF, and edge security.
  • Sentry - error tracking.
  • SendGrid - transactional email delivery.
  • Stripe - payment processing.
  • Amplitude - analytics processing.
  • Google Analytics - independent controller for analytics.

WebPixie will inform Customers 7-14 days in advance before engaging new Sub-Processors. The Customer has the right to object to the addition of a new sub-processor by providing reasonable grounds.

8. International Data Transfers

  • • Primary customer data is stored in the EU.
  • • Certain operational data may be processed globally (e.g., Cloudflare edge locations).
  • • Amplitude and Google Analytics may process Personal Data in the United States.
  • • WebPixie relies on Standard Contractual Clauses (SCCs) or equivalent safeguards.

9. Assistance to the Controller

WebPixie shall support the Customer by:

  • • Assisting with Data Subject requests.
  • • Assisting with DPIAs.
  • • Assisting with breach notification processes.
  • • Providing necessary documentation for compliance.

10. Data Breach Obligations

WebPixie will inform the Customer without undue delay upon becoming aware of any Personal Data breach. Notifications will include:

  • • The nature of the breach.
  • • The categories of Data Subjects affected and approximate numbers.
  • • The likely consequences of the breach.
  • • Measures taken or proposed to address the breach.

WebPixie will cooperate in incident investigations.

11. Return or Deletion of Data

Upon termination of the Service, WebPixie will delete or return the Personal Data at the Customer's choice. Unless required by law, all Personal Data is deleted within 30 days. Customers can export their data before deletion.

12. Audits & Certifications

  • • Customers may request audits of WebPixie's data processing activities.
  • • Audits may not occur more than once per year unless legally required.
  • • WebPixie may provide third-party certifications (e.g., infrastructure compliance) as proof of controls.

13. Liability & Limitations

Except as restricted by applicable law, the liability limitations specified in the Terms of Service apply.

14. Governing Law

This DPA is governed by the applicable laws of the Terms of Service.

15. Contact Information

WebPixie Ltd.

Address: 152 King's Rd Kensington London W8 4SG United Kingdom

Tax: 4271679744

Email: support@webpixie.io

Website: https://webpixie.io/contact

Back to WebPixie