Automation suite

Legal

Policies, disclosures, and notices for using Indicator Design Studio.

Data Processing Addendum (DPA)

Indicator Design Studio Data Processing Addendum (DPA)

Last Updated: 2026-05-19

Version: dpa-v1.0-beta

This Data Processing Addendum ("DPA") forms part of the service agreement between a business customer ("Customer") and Indicator Design Studio ("Provider") where applicable data protection laws require such terms.

1. Roles

  1. Customer acts as Controller (or Business) for Customer Personal Data submitted to the Platform.
  2. Provider acts as Processor (or Service Provider) for that Customer Personal Data.
  3. For personal data processed for Provider's own service security, abuse prevention, and product operations, Provider may act as an independent Controller.

2. Processing Scope

Provider processes Customer Personal Data to:

  1. provide Platform services;
  2. secure and maintain services;
  3. process billing and service operations;
  4. provide support and incident response;
  5. comply with legal obligations.

Categories of data may include identifiers, account metadata, technical logs, and usage/billing records submitted through the Platform.

3. Instructions

  1. Provider processes Customer Personal Data only on documented instructions from Customer, including this DPA and Platform configuration choices.
  2. Provider may process data where required by law; where permitted, Provider will notify Customer.

4. Confidentiality

Provider ensures persons authorized to process Customer Personal Data are subject to confidentiality obligations.

5. Security Measures

Provider implements appropriate technical and organizational measures, including:

  1. encryption in transit;
  2. access controls and least privilege;
  3. logging/monitoring and incident controls;
  4. backup and restoration practices.

6. Subprocessors

  1. Customer authorizes Provider to use subprocessors for infrastructure and operational services.
  2. Provider remains responsible for subprocessors under applicable law.
  3. Subprocessor details are provided via Provider documentation or support channel.

7. International Transfers

Where Customer Personal Data is transferred internationally, Provider applies appropriate safeguards required by applicable law.

8. Data Subject Requests

Taking into account the nature of processing, Provider will provide reasonable assistance for data subject rights requests where Customer cannot fulfill them alone.

9. Incident Notification

  1. Provider will notify Customer without undue delay after becoming aware of a confirmed personal data breach affecting Customer Personal Data.
  2. Notification includes available information on scope, impact, and mitigation steps.

10. Deletion and Return

Upon termination and subject to legal retention obligations, Provider will delete or return Customer Personal Data within a commercially reasonable period.

11. Audit and Information Rights

Provider will make available information reasonably necessary to demonstrate compliance with this DPA.

Any audit request must be reasonable, proportionate, and subject to confidentiality and security controls.

12. Liability

Liability under this DPA is subject to the liability terms of the main service agreement/Terms, except where mandatory law provides otherwise.

13. Order of Precedence

If there is a conflict between this DPA and other service terms regarding personal data processing, this DPA controls for processing matters.