Legal

Data Processing Agreement

Clear terms for how we handle and safeguard your customer data.

Version 1.0.2 • September 9, 2025

Version 1.0.2 • September 9, 2025

  1. Welcome to Runlyx.
    This Data Processing Agreement, or DPA, sets out how Runlyx processes personal data on behalf of our customers.It supplements the Terms of Service and applies whenever Runlyx processes personal data as a processor for a customer who is a controller.

  2. 1. Applicability and order of precedence

    This DPA applies to Runlyx services where we process personal data on behalf of a customer.
    In the event of a conflict between this DPA and the Terms of Service, the DPA governs only for matters relating to processing of personal data.

  3. 2. Roles of the parties

    The customer acts as the data controller. Runlyx acts as the data processor.
    Each party will comply with applicable data protection law, including GDPR and other local laws where relevant.

  4. 3. Processing details

    Purpose of processing
    Runlyx processes personal data to deliver the Services, to provide support, to bill customers, to operate integrations and to meet the customer instructions documented in the order or account settings.

    Types of personal data
    Typical categories include contact and account data, technical and device data, usage and performance metrics, and project or system data that customers upload. Specific data elements will depend on customer configuration and usage.

    Categories of data subjects
    End users, account administrators and other individuals whose data is submitted to or generated by the Services.

    Processing duration
    Runlyx processes personal data for the term of the customer agreement and for any additional period needed to comply with legal obligations or to exercise legal claims.

  5. 4. Subprocessors and third parties

    Runlyx uses subprocessors such as cloud hosting providers, payment processors and analytics vendors to operate the Services.
    A current list of subprocessors is available on request.
    We will notify customers of material changes to the list and provide a reasonable opportunity to object where required by law.

  6. 5. Security measures

    Runlyx implements reasonable technical and organizational measures to protect personal data. Measures include the following where appropriate and feasible:

    • Encryption in transit and at rest.

    • Access controls and role based permissions.

    • Network and application firewalls and monitoring.

    • Regular vulnerability scanning and security reviews.

    • Secure development practices and change control.

    • Logging, alerting and incident management procedures.

    Customers may request a summary of our security controls or a SOC type report where available.

  7. 6. International transfers

    Personal data may be processed in regions where Runlyx or its subprocessors operate.
    For international transfers we rely on lawful transfer mechanisms such as adequacy decisions, standard contractual clauses or other safeguards permitted by law.

  8. 7. Data subject rights and assistance

    Runlyx will assist the customer, to the extent feasible, in responding to data subject requests such as access, correction, deletion and portability.
    Customers should direct requests from data subjects to their account administrators first.
    Runlyx will cooperate with the customer to provide required information or technical assistance.

  9. 8. Confidentiality and personnel

    Runlyx requires personnel with access to customer personal data to maintain confidentiality.
    Access is limited to authorized staff and subcontractors who need access to provide the Services.

  10. 9. Incident response and breach notification

    Runlyx maintains an incident response process. If Runlyx becomes aware of a personal data breach affecting customer data, we will notify the customer without undue delay and provide available information to support statutory reporting obligations and remediation.

  11. 10. Audits and compliance reviews

    Customers may request an audit or review of Runlyx processing practices in accordance with applicable law.
    Runlyx will reasonably cooperate with audits. For frequent or extensive audits Runlyx may require a mutually agreed scope, reasonable notice and cost sharing.

  12. 11. Return and deletion of data

    On termination of the Services Runlyx will, at the customer choice, delete or return personal data in accordance with the agreement.
    Where deletion is requested Runlyx will delete data within a reasonable timeframe except where retention is required by law.

  13. 12. Liability and remedies

    This DPA does not modify the liability provisions of the underlying agreement except to the extent they specifically address data protection obligations.
    For data processing claims parties will follow the dispute resolution and limitation rules in the main agreement.

  14. 13. Changes to this DPA

    Runlyx may update this DPA from time to time. Material changes will be communicated to customers by email or through the Services and will not apply retroactively to processing prior to the effective date unless required by law.

  15. 14. Contact and requests

    For questions about this DPA, to request the current list of subprocessors, or to make a data subject related request please contact contact@runlyx.framer.website

  16. 15. Additional notes for template users

    This Data Processing Agreement is a placeholder. It is not legal advice.
    Consult a qualified attorney to tailor language for your jurisdiction, business model, and any regulated markets you serve.

  17. Acknowledgement

    By using Runlyx Services you acknowledge that you have read and understood this Data Processing Agreement and agree to its terms.

Create a free website with Framer, the website builder loved by startups, designers and agencies.