Data Processing Agreement (DPA) Summary

Summary of how Xentos handles your data as a Processor.

Role of Xentos

For the purposes of the GDPR and PIPEDA, the Customer is the "Data Controller" and Xentos is the "Data Processor." We process personal data only on behalf of and in accordance with the Controller's documented instructions.

Security Measures

Xentos implements robust technical and organizational measures (TOMs) including multi-factor authentication, perimeter security, and regular vulnerability scanning to protect processed data.

Sub-processors

We use trusted sub-processors for infrastructure (e.g., AWS/Supabase) and billing. A full list of sub-processors is available to Enterprise customers upon request.

Audit Rights

Enterprise tier customers have the right to request documentation of our compliance with this DPA and, subject to confidentiality agreements, conduct or commission an audit of our processing activities.