Data Processing Addendum

Legal

Data Processing Addendum

An outline of TrackLayer's standard DPA terms for customers reviewing privacy, procurement, and vendor risk requirements.

Download PDF

This page is a non-binding DPA outline. Binding terms are provided in executed customer agreements and the downloadable PDF placeholder will be replaced with the final document.

§ 01

Standard terms

Roles and scope

TrackLayer acts as processor for customer-controlled personal data and processes data only under documented controller instructions.

Processing details

Processing covers collection, validation, storage, enrichment, deduplication, routing, support, security monitoring, and audit logging.

Security measures

TrackLayer maintains technical and organizational controls including encryption, access control, logging, monitoring, backup, and incident response.

Sub-processors

TrackLayer uses sub-processors only under written agreements with appropriate data protection obligations and publishes an illustrative list for review.

Data subject requests

TrackLayer assists customers with access, deletion, correction, restriction, portability, and objection requests to the extent applicable to the service.

Incident notice

TrackLayer will notify affected customers without undue delay after confirming a personal data breach involving customer data.

Return or deletion

At termination, TrackLayer deletes or returns customer personal data according to the agreement unless retention is required by law.

Audits and evidence

TrackLayer makes reasonable information available for compliance verification under confidentiality, security, and operational constraints.

§ 02

Related resources

Review subprocessors or send a security questionnaire to security@tracklayer.com.

Sub-processors Contact security