Data Processing Agreement
Last Updated: December 19, 2024
Data Processing Agreement
Last Updated: December 19, 2024
This Data Processing Agreement ("DPA") is entered into between AppEnso (operated by Awesome Enterprises Private Limited) and you (the "Customer") and forms part of the Terms of Service for AppEnso's services.
By using AppEnso's services, you agree to the terms of this DPA.
1. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person
- Processing: Any operation performed on Personal Data
- Data Subject: The individual to whom Personal Data relates
- Controller: Entity that determines the purposes and means of Processing
- Processor: Entity that Processes Personal Data on behalf of the Controller
- Sub-processor: Third party engaged by Processor to Process Personal Data
2. Scope and Roles
2.1 Relationship
- Customer is the Controller of Personal Data
- AppEnso is the Processor of Personal Data
- This DPA applies when AppEnso processes Personal Data on Customer's behalf
2.2 AppEnso's Processing
AppEnso processes Personal Data solely to provide the services described in our Terms of Service, including:
- Providing Google Workspace add-ons and related services
- Technical support
- Service improvements
- Security and fraud prevention
3. AppEnso's Obligations
3.1 Compliance
AppEnso will:
- Process Personal Data only on documented instructions from Customer
- Ensure personnel are subject to confidentiality obligations
- Implement appropriate technical and organizational security measures
- Assist Customer with data protection obligations where feasible
3.2 Security
AppEnso implements industry-standard security measures including:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES-256)
- Access controls and authentication
- Regular security assessments
- Incident response procedures
3.3 Data Location
Personal Data may be processed in:
- India (AppEnso's primary location)
- Other countries where our sub-processors operate
4. Sub-processors
4.1 Authorized Sub-processors
Customer agrees that AppEnso may use the following sub-processors:
| Service | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Infrastructure hosting | Global |
| Cloudflare | Infrastructure hosting | Global |
| Stripe | Payment processing | Global |
| LemonSqueezy | Subscription management | USA |
| SendGrid | Email delivery | USA |
4.2 New Sub-processors
- AppEnso will notify Customer of new sub-processors via email or in-app notification
- Customer may object to new sub-processors within 30 days
- If Customer objects, Customer may terminate the affected services
5. International Transfers
5.1 Transfer Mechanisms
For transfers outside the EEA/UK, AppEnso relies on:
- Standard Contractual Clauses (where applicable)
- Other appropriate safeguards under applicable law
5.2 Customer Acknowledgment
Customer acknowledges that:
- AppEnso is based in India
- Data may be transferred internationally to provide services
- Customer is responsible for its own compliance with data transfer restrictions
6. Data Subject Rights
6.1 Assistance
AppEnso will assist Customer in responding to Data Subject requests through:
- Features within the services to access, correct, delete, and export data
- Reasonable cooperation with Customer's requests
6.2 Customer Responsibility
Customer is responsible for:
- Responding to Data Subject requests
- Determining the lawful basis for processing
- Providing any required notices to Data Subjects
7. Security Incidents
7.1 Notification
If AppEnso becomes aware of a security incident affecting Personal Data:
- AppEnso will notify Customer without undue delay
- AppEnso will provide reasonable information about the incident
- AppEnso will take steps to mitigate harm
7.2 Customer Obligations
Customer will:
- Maintain current contact information
- Notify AppEnso of any security issues
- Cooperate in incident response
8. Audits
8.1 Information
AppEnso will provide reasonable information about its processing activities upon request
8.2 Certifications
AppEnso may provide certifications or audit reports in lieu of on-site audits where reasonable
9. Data Retention and Deletion
9.1 During Service
- Customer can delete data using service features
- Deleted data will be removed within 90 days
9.2 After Termination
- Customer must export any data before termination
- AppEnso will delete Personal Data within 90 days after termination
- Some data may be retained as required by law
10. Limitation of Liability
AppEnso's liability under this DPA is subject to the limitations in the Terms of Service.
11. California Privacy Rights
For California residents, AppEnso:
- Acts as a "Service Provider" under CCPA
- Does not sell Personal Information
- Processes Personal Information only as necessary to provide services
12. Updates to this DPA
AppEnso may update this DPA to reflect:
- Changes in law or regulations
- New features or services
- Security improvements
Updates will be posted on our website with notice to Customers.
13. Contact
For privacy or data protection questions:
- Email: [email protected]
- Address: 65, Mangal Vihar, Gopalpura Bypass, Jaipur, Rajasthan 302018, India
14. Agreement
By using AppEnso's services, you acknowledge that you have read and agree to this DPA. This DPA is incorporated into and subject to the Terms of Service.
Appendix A: Data Processing Details
Categories of Data Subjects:
- Customer's end users
- Customer's employees
- Individuals whose data is processed through the services
Types of Personal Data:
- Account information (name, email, company)
- Usage data (IP addresses, browser information)
- Content data (as processed through Google Workspace)
- Communication data (support tickets, emails)
Processing Operations:
- Storage and hosting
- Access control and authentication
- Service delivery and support
- Analytics and improvements
Processing Purposes:
- Providing Google Workspace add-ons
- Customer support
- Service improvement
- Legal compliance
- Security and fraud prevention