Data Processing Agreement
Last updated: March 1, 2026
1. Scope and Purpose
This DPA supplements the Terms of Service and applies when CloudLink processes personal data on your behalf as a "Processor" under GDPR or equivalent laws.
2. Data Processing Details
Categories of data subjects: your employees, contractors, and end-users. Types of personal data: name, email, IP address, usage telemetry. Processing purposes: service delivery, support, billing.
3. Processor Obligations
CloudLink shall: (1) process data only on documented instructions, (2) ensure personnel are bound by confidentiality, (3) implement appropriate technical and organizational measures, (4) assist with data subject rights requests.
4. Sub-Processors
Current sub-processors: AWS (infrastructure), Stripe (billing), Clerk (authentication), Sentry (error tracking). We notify you 30 days before adding a new sub-processor.
5. International Transfers
Data is processed in the United States. For EU transfers, we rely on Standard Contractual Clauses (Module 2: Controller-to-Processor) adopted by the European Commission.
6. Data Breach Notification
We will notify you of a personal data breach without undue delay and no later than 72 hours after becoming aware of the breach, providing details required under Article 33 GDPR.
Questions about this document? Contact us at [email protected] or write to CloudLink LLC, 8 The Green, Suite A, Dover, DE 19901, USA.