Data Processing Addendum (DPA)

This DPA describes data processing terms that apply when customer data is processed through CanineOps. Privacy contact: privacy@canineops.com.

1. Roles of the parties

For customer data entered by customer organizations, customer generally acts as controller/business and CanineOps acts as processor/service provider, except where CanineOps acts as controller for its own operational account and billing data.

2. Processing instructions

CanineOps processes customer data on documented customer instructions as reflected in customer configuration, support requests, and service usage, and only as necessary to provide and secure the service or as required by law.

3. Confidentiality

CanineOps personnel with access to customer data are subject to confidentiality obligations and role-based access limitations.

4. Trusted service providers

CanineOps may use trusted third-party providers for infrastructure, billing, communications, and other operational services. The current provider list is available at /subprocessors.

5. Security measures

CanineOps applies commercially reasonable safeguards including encrypted transport, access controls, and operational monitoring appropriate to current service design.

6. Incident notification

CanineOps will notify affected customers of confirmed security incidents involving customer data when required by law or contract, and will provide available information appropriate to the incident.

7. Return and deletion

Upon termination, customer data return and deletion follow the applicable subscription terms, retention policy, and legal obligations. See Data Retention & Deletion Policy.

8. Audit and information support

CanineOps may provide reasonable information to help customers assess processing controls, subject to confidentiality, security, and practical operational limits.

9. International transfers

If cross-border transfers occur, parties will rely on applicable legal transfer mechanisms as required by law and reflected in customer contractual documents where needed.

10. Order of precedence

If this DPA conflicts with another signed agreement covering data processing, the signed agreement controls to the extent of that conflict.