Data Processing Agreement

This Data Processing Agreement ("DPA") applies when AhuraSense Cloud processes personal data on behalf of a customer in connection with providing cloud infrastructure services.

This DPA supplements the Terms of Service and applies to customer personal data processed in customer accounts, workloads, logs, support channels, and associated platform tooling.

The customer is the data controller (or processor acting for a controller) and AhuraSense acts as a processor. Each party will comply with obligations applicable to its role under relevant privacy laws.

AhuraSense processes personal data only on documented customer instructions, including instructions contained in customer configuration choices, API requests, support requests, and written agreements.

If AhuraSense is required by law to process data beyond customer instructions, we will notify the customer unless legally prohibited.

AhuraSense maintains appropriate safeguards designed to protect personal data, including:

• Logical access controls and least-privilege access management.
• Encryption in transit and secure service communication channels.
• Security monitoring, logging, vulnerability management, and alerting.
• Operational controls for incident detection, response, and service continuity.

AhuraSense may use subprocessors to deliver infrastructure, payment, communications, and support capabilities. We require subprocessors to provide data protection obligations no less protective than those in this DPA.

Customers may request current subprocessor information by contacting privacy@ahuracloud.com.

Taking into account the nature of processing, AhuraSense provides reasonable assistance to help customers respond to lawful requests from data subjects, including access, correction, deletion, portability, and objection requests.

AhuraSense will notify customers without undue delay after confirming a security incident involving customer personal data. Notifications will include known details about impact, mitigation actions, and recommended customer steps where relevant.

When personal data is transferred across borders, AhuraSense uses legally recognized transfer mechanisms, including Standard Contractual Clauses, and applies supplementary safeguards where appropriate.

Upon reasonable request, AhuraSense will provide information necessary to demonstrate compliance with this DPA and applicable processing obligations, including available summaries of security controls and independent assurance materials.

Upon termination of services and subject to legal retention requirements, AhuraSense will delete or return customer personal data in accordance with documented customer instructions and service capabilities.

This DPA remains in effect for as long as AhuraSense processes customer personal data under the main service agreement. We may update this DPA to reflect legal or operational changes, with updates published on this page.