Data Processing Agreement

How we process and protect your data as a data processor

Last updated: January 2025

Important Notice

This Data Processing Agreement ("DPA") forms part of our Terms of Service and governs how Apito LLC ("Apito", "we", "us", or "our") processes personal data on behalf of our customers.

Agreement Acceptance

BY USING OUR SERVICES, YOU AGREE TO THIS DATA PROCESSING AGREEMENT. This DPA is automatically incorporated into our Terms of Service and applies to all customers who use our API builder platform.

1. Definitions

In this DPA:

a) "Data Controller" means the customer who determines the purposes and means of processing personal data;

b) "Data Processor" means Apito, who processes personal data on behalf of the Data Controller;

c) "Personal Data" means any information relating to an identified or identifiable natural person;

d) "Processing" means any operation performed on personal data, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, or destruction;

e) "Sub-processor" means any third party engaged by Apito to process personal data on behalf of the Data Controller.

2. Roles and Responsibilities

a) Data Controller Responsibilities

As the Data Controller, you are responsible for:

  • Determining the legal basis for processing personal data
  • Ensuring you have the right to share personal data with us
  • Providing accurate and up-to-date personal data
  • Responding to data subject requests
  • Ensuring compliance with applicable data protection laws

b) Data Processor Responsibilities

As the Data Processor, we are responsible for:

  • Processing personal data only as instructed by you
  • Implementing appropriate security measures
  • Assisting you in responding to data subject requests
  • Notifying you of any data breaches
  • Ensuring our staff are bound by confidentiality obligations

3. Processing Activities

a) Nature and Purpose of Processing

We process personal data for the following purposes:

  • Providing and maintaining our API builder platform
  • Managing user accounts and authentication
  • Processing payments and billing
  • Providing customer support and technical assistance
  • Improving our services and user experience
  • Ensuring security and preventing fraud
  • Complying with legal obligations

b) Types of Personal Data

The types of personal data we process may include:

  • Contact information (name, email, company)
  • Account credentials and authentication data
  • Usage data and analytics information
  • Support communications and feedback
  • Payment and billing information
  • Technical data (IP addresses, device information)
  • Any personal data you choose to include in your API projects

c) Duration of Processing

We will process personal data for the duration of your use of our services and for a reasonable period thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

4. Security Measures

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Employee training on data protection practices
  • Incident response and breach notification procedures
  • Physical and environmental security controls
  • Regular backup and disaster recovery procedures

5. Sub-processors

a) Authorization

You authorize us to engage Sub-processors to process personal data on your behalf. We will ensure that all Sub-processors are bound by contractual obligations that provide the same level of data protection as this DPA.

b) Current Sub-processors

Our current Sub-processors include:

  • Cloud Hosting: AWS, Google Cloud Platform, or Azure for infrastructure services
  • Analytics: Google Analytics for website usage analytics
  • Payment Processing: Stripe for payment processing and billing
  • Customer Support: Intercom for customer support and chat functionality
  • Content Delivery: Cloudflare for content delivery and security services

c) Notification of Changes

We will notify you of any intended changes concerning the addition or replacement of Sub-processors, thereby giving you the opportunity to object to such changes.

6. Data Subject Rights

We will assist you in responding to requests from data subjects to exercise their rights under applicable data protection laws, including:

  • Right to access personal data
  • Right to rectification of inaccurate data
  • Right to erasure of personal data
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

7. Data Breach Notification

IMPORTANT BREACH NOTIFICATION

In the event of a personal data breach, we will notify you without undue delay after becoming aware of the breach. We will provide you with all necessary information to help you meet your breach notification obligations under applicable data protection laws.

8. Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

9. Audit Rights

You have the right to audit our compliance with this DPA. We will cooperate with reasonable audit requests and provide you with access to relevant information, subject to confidentiality obligations and reasonable notice requirements.

10. Return and Deletion of Data

Upon termination of our services or at your request, we will return or delete all personal data in our possession, except where we are required to retain certain information by law or for legitimate business purposes.

11. Limitation of Liability

Our liability under this DPA is subject to the limitations set forth in our Terms of Service. We will not be liable for any indirect, incidental, special, consequential, or punitive damages arising from our processing of personal data.

12. Governing Law and Jurisdiction

This DPA shall be governed by and construed in accordance with the laws of the State of Wyoming, without regard to its conflict of law provisions. Any disputes arising from this DPA shall be resolved in accordance with the dispute resolution provisions in our Terms of Service.

13. Contact Information

If you have any questions about this Data Processing Agreement, please contact us at:

Apito LLC
1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801

Email: [email protected]

This Data Processing Agreement is effective as of the date stated above and applies to all customers using our services.