Data Processing Agreement
Standard DPA for business customers.
Between: The Customer agreeing to this DPA ("Controller") and DocuHub ("Processor").
Effective Date: Upon acceptance of the Terms of Service.
1. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data.
"Subprocessor" means any third party engaged by DocuHub to process Personal Data.
"Processing" means any operation performed on Personal Data.
"Subprocessor" means any third party engaged by DocuHub to process Personal Data.
2. Scope and Purpose
### 2.1 Subject Matter
DocuHub processes Personal Data on behalf of Customer to provide document conversion, editing, and e-signature services.
### 2.2 Nature of Processing
• Document conversion and format transformation
• PDF editing and annotation
• E-signature collection
• Temporary storage for processing
DocuHub processes Personal Data on behalf of Customer to provide document conversion, editing, and e-signature services.
### 2.2 Nature of Processing
• Document conversion and format transformation
• PDF editing and annotation
• E-signature collection
• Temporary storage for processing
3. Processor Obligations
DocuHub shall:
• Process Personal Data only on documented instructions from Customer
• Ensure personnel authorized to process Personal Data are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures
• Notify Customer without undue delay upon becoming aware of a Personal Data breach
• Process Personal Data only on documented instructions from Customer
• Ensure personnel authorized to process Personal Data are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures
• Notify Customer without undue delay upon becoming aware of a Personal Data breach
4. Subprocessors
• Maintain a list of approved Subprocessors (available at /subprocessors)
• Notify Customer of new Subprocessors with opportunity to object
• Ensure Subprocessors are bound by equivalent data protection obligations
5. International Transfers
Transfers outside the EEA are conducted using:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
6. Deletion and Return
Upon termination or upon Customer's instruction, DocuHub shall delete or return all Personal Data unless retention is required by law.
Data Protection Contact
Email: privacy@docuhub.live