This is a template document. Review with qualified legal counsel before relying on it for compliance purposes.
This Data Processing Agreement (“DPA”) supplements the Zillapi Terms of Service and applies whenever you (the “Customer”) use the Zillapi developer API (the “Service”) in a manner that involves Zillapi processing personal data on your behalf. By using the Service in such a manner, you agree to this DPA.
1. Scope and roles
This DPA applies to the limited situations in which Customer integrates the Service into an application or workflow that causes personal data of Customer’s end users to be transmitted to or stored by Zillapi (for example, an end-user IP address passed through to a Zillapi endpoint).
- Customer is the data controller (or, where applicable, the processor acting for its own controllers) of the personal data of its end users.
- Zillapi acts as a data processor on Customer’s behalf with respect to that personal data.
- For Customer’s own account and billing data, Zillapi is an independent controller, governed by the Privacy Policy, and that processing is outside the scope of this DPA.
2. Subject matter and duration
Zillapi processes the personal data received from Customer solely to provide the Service in accordance with the Terms and Customer’s documented instructions. Processing continues for the term of Customer’s subscription plus the deletion period in Section 9.
3. Subprocessors
Customer authorizes Zillapi to engage the following subprocessors:
- Supabase — authentication and managed PostgreSQL hosting (US).
- Stripe — payment processing and subscription billing (US, global).
- Cloudflare — edge network, DDoS protection, and serverless compute (global).
- Amazon Web Services — underlying infrastructure for one or more of the above (US).
Zillapi imposes data-protection obligations on each subprocessor that are no less protective than this DPA. Zillapi will provide at least [REVIEW: 30 days suggested] prior notice of any addition or replacement of a subprocessor. Customer may object on reasonable data-protection grounds; if the parties cannot resolve the objection, Customer may terminate the affected portion of the Service.
4. Security measures
Zillapi maintains the following technical and organizational measures, which it may update from time to time as long as the overall level of protection is not reduced:
- TLS 1.2 or higher for all data in transit between Customer and Zillapi, and between Zillapi and its subprocessors.
- Encryption at rest for the primary database and for backups.
- Access to production systems restricted to authorized personnel, behind scoped credentials and multi-factor authentication.
- Logical separation of Customer data within multi-tenant systems.
- Logging and monitoring sufficient to detect anomalous access patterns.
- Periodic credential rotation and removal of access for personnel whose role no longer requires it.
Zillapi does not claim certification under any specific third-party standard (such as SOC 2 or ISO 27001) and makes no representations to that effect. [REVIEW: update this paragraph if and when a formal certification is obtained.]
5. Confidentiality
Zillapi ensures that personnel authorized to process Customer personal data are bound by appropriate confidentiality obligations.
6. International transfers
Where Customer transmits personal data of EEA, UK, or Swiss data subjects to Zillapi, the parties rely on the European Commission’s Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), with Module Two (controller-to-processor) applying between Customer (as controller) and Zillapi (as processor). Where Customer itself is a processor for its own controllers, Module Three (processor-to-processor) applies. For UK transfers, the UK International Data Transfer Addendum is incorporated. For Swiss transfers, the SCCs are read with appropriate modifications for Swiss law.
[REVIEW: confirm with counsel whether Module One (controller-to-controller) should also be incorporated for any specific edge case before signature.]
7. Incident notification
Zillapi will notify Customer without undue delay, and in any event within 72 hours, after becoming aware of a personal data breach affecting Customer personal data. The notice will describe, to the extent known at the time, the nature of the breach, the categories and approximate number of affected data subjects and records, the likely consequences, and the measures taken or proposed to address it; Zillapi will supplement the notice as further information becomes available. Notice does not constitute an admission of fault or liability. [REVIEW: under GDPR Article 33(1), Customer as controller must itself notify the competent supervisory authority within 72 hours of becoming aware of a breach; a 72-hour processor notice period leaves Customer little or no margin to meet that deadline, so counsel may prefer a shorter period (for example, 24 or 48 hours).]
8. Data subject requests
If Zillapi receives a request directly from a data subject relating to Customer personal data, Zillapi will not respond to the request beyond confirming receipt and will promptly forward the request to Customer. Zillapi will provide reasonable assistance, at Customer’s expense where the assistance requires disproportionate effort, to help Customer fulfill its obligations to respond to data subject requests under applicable law (including access, rectification, erasure, restriction, portability, and objection rights).
9. Deletion or return on termination
On termination of the Customer’s subscription, Zillapi will, at Customer’s option, delete or return all Customer personal data in its possession within [REVIEW: 30 / 60 / 90 days — confirm internal policy] of the effective date of termination, except where retention is required by applicable law. Backup copies will be overwritten in the ordinary course of backup rotation, typically within [REVIEW: 35 days suggested — confirm with infra policy].
10. Audit
Customer may, no more than once per twelve-month period and on at least 30 days’ prior written notice, request reasonable information from Zillapi sufficient to demonstrate Zillapi’s compliance with this DPA. Zillapi will respond to such requests in writing. On-site audits, where required by mandatory law, will be conducted at Customer’s expense, during normal business hours, in a manner that does not unreasonably disrupt Zillapi’s operations, and subject to confidentiality obligations.
11. Liability
Each party’s liability arising out of or related to this DPA is subject to the limitation of liability set forth in the Terms of Service. Nothing in this DPA limits liability that cannot be limited by applicable law.
12. Conflict and governing law
In the event of a conflict between this DPA and the Terms, this DPA governs as to its subject matter. In the event of a conflict between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses govern. This DPA is governed by the law specified in the Terms of Service. [REVIEW: confirm jurisdiction matches the Terms — Delaware placeholder.]
13. Contact
DPA questions, subprocessor notifications, and incident communications: nikhil@landkit.pro.