Data Processing Agreement

Last updated: March 21, 2026

Download DPA Template

Get our standard Data Processing Agreement for your compliance needs.

What is a DPA?

A Data Processing Agreement (DPA) is a legally binding contract between a data controller (your organization) and a data processor (Infmap) that governs how personal data is handled when using our services.

Under GDPR and other data protection regulations, a DPA is required when you engage a third-party service provider to process personal data on your behalf.

Key DPA Terms

Data Processing Scope

We process data only as instructed by you and for the purpose of providing Infmap services.

Security Measures

TLS 1.3 encryption in transit, role-based access controls, and secure infrastructure.

Subprocessor Management

We maintain a list of approved subprocessors, available in our Privacy Policy.

Breach Notification

We commit to notifying you within 72 hours of any data breach.

Data Subject Rights

We assist you in responding to data subject access requests and other GDPR rights.

International Transfers

Our processors (Stripe, Google) include Standard Contractual Clauses (SCCs) in their data processing agreements.

Data Categories Processed

Account Data

- Name and email address
- Phone number
- Company/organization name
- Profile information

Platform Data

- Messages and communications
- Deal and contract information
- YouTube analytics (influencers)
- Usage logs

Financial Data

- Payment information
- Billing address
- Transaction history
- Wallet balance

Technical Data

- IP address
- Device information
- Browser type
- Authentication tokens

Need a Custom DPA?

Enterprise customers may require customized terms or additional provisions. Contact our support team to discuss your specific requirements.

For DPA inquiries:

Submit a support ticket with category "Legal / DPA Request"
Include your company name and specific requirements

This DPA is effective as of March 21, 2026 and is designed to meet GDPR requirements.