Data Processing Agreement

DPA for customer data

This DPA explains how ipop processes customer personal data, supports GDPR Article 28 obligations, and handles data-subject requests.

  • Roles and scope

    When ipop processes personal data on behalf of a customer to provide the service, the customer acts as controller or business and ipop acts as processor or service provider.

  • Processing instructions

    We process customer personal data only to provide, secure, support, and improve the service; follow documented customer instructions; and comply with applicable law.

  • Security measures

    The service uses workspace isolation, scoped credentials, approval gates, audit logs, and reasonable technical and organizational safeguards appropriate to the data processed.

  • Subprocessors

    We may use hosting, payment, analytics, email, and model providers as subprocessors where needed to run ipop. We remain responsible for subprocessors we engage for the service.

  • Data-subject rights

    Customers and data subjects can request access, export, deletion, correction, objection, or restriction by emailing support@ipop.ai. We may verify requests before acting.

  • Return, deletion, and transfers

    On termination or verified request, we delete or return personal data unless retention is required for legal, security, billing, or audit obligations. Where transfer mechanisms are required, the parties use an appropriate lawful mechanism.