Data Processing Agreement - FindForce.io
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Developer Friendly OÜ ("Processor") and the Customer ("Controller") using FindForce services.
1. Definitions
- Controller: The Customer using FindForce services
- Processor: Developer Friendly OÜ (operating FindForce)
- Personal Data: Email addresses and related contact information processed through the service
- Processing: Any operation performed on Personal Data through FindForce
2. Processing Scope
Nature and Purpose: Email verification and deliverability validation
Categories of Data: Professional email addresses, associated metadata, and product usage telemetry
Duration: Throughout the term of service plus 30 days
Processing Location: European Union (primarily Estonia)
3. Processor Obligations
The Processor shall:
- Process Personal Data only on documented instructions from the Controller
- Ensure personnel are subject to appropriate confidentiality obligations
- Implement appropriate technical and organizational security measures
- Assist the Controller in responding to data subject requests
- Delete or return Personal Data upon termination of services
- Notify the Controller of any data breach within 72 hours of awareness
- Make available information necessary to demonstrate compliance
4. Controller Responsibilities
The Controller shall:
- Ensure appropriate legal basis for data processing
- Provide necessary information to data subjects
- Handle data subject access requests
- Ensure compliance with applicable data protection laws
- Provide clear instructions for data processing
5. Authorized Subprocessors
The following subprocessors are authorized:
| Service Provider | Purpose | Location |
|---|---|---|
| Hetzner | Infrastructure Hosting | EU (Germany) |
| CloudFlare | CDN and Security | Global |
| Lemon Squeezy | Payment Processing | United States |
| Maileroo | Email Delivery | EU |
| PostHog | Product Analytics | US/EU |
Changes to subprocessors will be communicated with reasonable notice.
6. Security Measures
Technical and organizational measures include:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Access control and authentication systems
- Regular security assessments
- Incident response procedures
- Employee training on data protection
7. International Transfers
Data transfers outside the European Economic Area utilize appropriate safeguards:
- Standard Contractual Clauses (EU Commission approved)
- Adequacy decisions where applicable
8. Audit and Compliance
The Controller may request annual evidence of compliance. The Processor will provide relevant certifications and compliance documentation upon reasonable request.
9. Liability and Indemnification
Liability provisions are governed by the Terms of Service. Each party shall indemnify the other against damages resulting from their respective violations of data protection laws.
10. Duration and Termination
This DPA remains effective for the duration of the Terms of Service. Data deletion shall occur within 30 days of termination unless legal retention is required.
Contact Information
General Support
support@findforce.ioPrivacy Inquiries
privacy@findforce.ioLegal Matters
legal@findforce.ioDeveloper Friendly OÜ
Registry Number: 16511866
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Kiriku tn 6, 10130
Country: Estonia 🇪🇪
This DPA is automatically incorporated into your FindForce service agreement.