Skip to content

Data Processing Agreement

Effective date: 01.01.2026
Last updated: 08.01.2026
Company: Codify doo
Address: 1000 Zagreb, Croatia
Website: sproobo.com
Support: info@sproobo.com
VAT ID: HR59253184772

Summary

  • This DPA applies when Sproobo processes personal data on your behalf.
  • You are the Controller; Sproobo is the Processor.
  • We process data only on your documented instructions and to provide the Service.
  • We use reasonable security measures, but no system is perfectly secure.
  • You can request a list of sub-processors or object to changes.

1. Scope and relationship

This Data Processing Agreement ("DPA") is part of the Terms & Conditions and applies to the extent Sproobo processes personal data on behalf of the Customer in connection with the Service.

  • Customer is the data controller (or a processor on behalf of another controller).
  • Sproobo is the data processor.

If there is a conflict between this DPA and the Terms & Conditions, this DPA will control for processing of personal data.

2. Definitions

Terms such as "personal data," "processing," "controller," and "processor" have the meanings given in the GDPR. "Sub-processor" means a third party engaged by Sproobo to process personal data on behalf of the Customer.

3. Processing details

3.1 Subject matter and purpose

Sproobo processes personal data to provide the Service, including provisioning and managing deployments, authentication, billing, and support.

3.2 Duration

Processing continues for the duration of the Customer's use of the Service, plus any retention period required by law or for backup and recovery.

3.3 Nature of processing

Collection, storage, transmission, access, and deletion of personal data as necessary to operate the Service.

3.4 Categories of data subjects

End users, Customer employees, contractors, and other individuals whose personal data is included in User Content or account records.

3.5 Types of personal data

  • Account identifiers (name, email, OAuth provider ID, avatar)
  • Logs and telemetry associated with deployments
  • Application data and metadata uploaded by the Customer
  • IP addresses and device identifiers
  • Billing contact data

4. Customer obligations

The Customer represents and warrants that it has a valid legal basis to process and share personal data with Sproobo and that it will comply with applicable data protection laws. The Customer is responsible for the content of User Content, including any personal data it collects or processes in its applications.

5. Sproobo obligations

Sproobo will:

  • Process personal data only on documented instructions from the Customer, including to provide and improve the Service.
  • Ensure that personnel authorized to process personal data are bound by confidentiality obligations.
  • Implement appropriate technical and organizational measures to protect personal data.
  • Notify the Customer of a personal data breach without undue delay after becoming aware of it.
  • Assist the Customer with data subject requests and regulatory inquiries to the extent required by law.

6. Security measures

Sproobo maintains reasonable administrative, technical, and organizational safeguards, including access controls, encryption in transit, and encryption at rest for infrastructure tokens. We redact secrets from logs where possible. No method of transmission or storage is 100% secure.

7. Sub-processors

The Customer grants Sproobo a general authorization to engage sub-processors. Current sub-processors may include infrastructure providers (Hetzner), payment processors (Stripe), email providers, analytics providers (optional), and error monitoring providers (optional).

We will provide notice of new sub-processors by posting updates on WEBSITE URL or by email. The Customer may object to a new sub-processor on reasonable grounds by contacting SUPPORT EMAIL within 14 days of notice. If we cannot resolve the objection, the Customer may terminate the affected portion of the Service.

8. International transfers

If personal data is transferred outside the EEA/UK, Sproobo will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or an approved transfer mechanism.

9. Assistance and audits

Sproobo will provide reasonable assistance with data protection impact assessments and audits, to the extent required by law. Audit requests must be reasonable, limited in scope, and subject to confidentiality and security requirements.

10. Return or deletion of data

Upon termination of the Service, Sproobo will delete or return personal data in accordance with the Terms & Conditions and applicable law. Data in backups will be deleted on a rolling basis.

11. Liability

Liability under this DPA is subject to the limitations of liability in the Terms & Conditions, unless prohibited by law.

12. Contact

Questions about this DPA can be sent to SUPPORT EMAIL or PRIVACY CONTACT (IF DIFFERENT).