Skip to main content
Back to Legal

Data Processing Agreement

Last Updated: February 2026

Version 1.0

1. Purpose

This Data Processing Agreement (DPA) applies to the processing of personal data of users located in the European Union and other jurisdictions with similar data protection laws.

2. Roles

Xanivar acts as a Data Processor on behalf of users who are Data Controllers under GDPR. Users remain responsible for ensuring lawful processing of their own personal data.

3. Scope of Processing

Xanivar processes personal data only to the extent necessary to:

  • Provide the Platform services
  • Comply with legal obligations
  • Protect rights and safety

4. Processing Details

Types of Data: Name, email, IP address, usage data, payment information

Processing Purpose: Service delivery, analytics, legal compliance

Duration: For the duration of service plus any legally required retention

5. Data Subject Rights

Xanivar ensures all GDPR rights are honored:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object

6. Security Measures

Xanivar implements technical and organizational measures to protect personal data, including:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security audits
  • Incident response procedures

7. Sub-processors

Xanivar may engage sub-processors for services including hosting (Supabase), payments (Stripe), and analytics. Users have the right to object to new sub-processors.

8. Data Transfers

Personal data may be transferred outside the EU. Xanivar ensures appropriate safeguards through Standard Contractual Clauses or other lawful mechanisms.

9. Data Breaches

Xanivar will notify users of any data breach within 72 hours or as required by law. Users will receive information about the breach and mitigation measures.

10. Data Deletion

Users may request deletion of their data at any time (subject to legal retention requirements). Xanivar will comply within 30 days of verification.

11. Audit and Cooperation

Xanivar cooperates with data protection authorities and provides necessary documentation for GDPR compliance audits.

12. Term and Termination

This DPA remains in effect for as long as the Platform services are provided. Upon termination, Xanivar will delete or return personal data as directed.

13. Contact

For DPA-related questions, contact our Data Protection Officer at dpo@xanivar.com.