Data Processing Agreement

Last updated: February 18, 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between RED Atlas ("Data Processor") and you ("Data Controller") and governs the processing of personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and similar regulations.

2. Definitions

For the purposes of this DPA:

  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Processing" means any operation performed on Personal Data
  • "Data Subject" means the individual to whom Personal Data relates
  • "Sub-processor" means any third party appointed by RED Atlas to process Personal Data

3. Scope and Purpose of Processing

RED Atlas will process Personal Data only:

  • On documented instructions from the Data Controller
  • For the purpose of providing the API services
  • In accordance with applicable data protection laws
  • As necessary to comply with legal obligations

4. Data Controller Obligations

The Data Controller warrants that:

  • It has the legal right to transfer Personal Data to RED Atlas
  • It has obtained all necessary consents from Data Subjects
  • Processing instructions comply with applicable laws
  • It will inform RED Atlas of any restrictions on processing

5. Data Processor Obligations

RED Atlas undertakes to:

  • Process Personal Data only on documented instructions
  • Ensure confidentiality of persons authorized to process Personal Data
  • Implement appropriate technical and organizational security measures
  • Assist the Data Controller in responding to Data Subject requests
  • Notify the Data Controller of any Personal Data breaches
  • Delete or return Personal Data upon termination of services

6. Security Measures

RED Atlas implements the following security measures:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and multi-factor authentication
  • Regular security audits and penetration testing
  • Incident response and breach notification procedures
  • Employee training on data protection
  • Physical security of data centers

7. Sub-processors

RED Atlas may engage sub-processors to assist in providing services. Current sub-processors include:

  • Cloud infrastructure providers (AWS, Google Cloud)
  • Payment processors
  • Email service providers
  • Analytics and monitoring services

We will notify you of any changes to sub-processors and provide an opportunity to object.

8. International Data Transfers

Personal Data may be transferred to countries outside the European Economic Area. RED Atlas ensures appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant authorities
  • Other legally recognized transfer mechanisms

9. Data Subject Rights

RED Atlas will assist the Data Controller in fulfilling Data Subject rights requests, including:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object

10. Data Breach Notification

In the event of a Personal Data breach, RED Atlas will:

  • Notify the Data Controller without undue delay (within 72 hours)
  • Provide details of the breach and affected data
  • Describe measures taken to address the breach
  • Assist in notifying supervisory authorities and Data Subjects if required

11. Audits and Compliance

RED Atlas will make available to the Data Controller information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, conducted by the Data Controller or an authorized auditor.

12. Data Retention and Deletion

Upon termination of services, RED Atlas will:

  • Delete or return all Personal Data to the Data Controller
  • Delete existing copies unless required by law to retain
  • Provide certification of deletion upon request

13. Liability and Indemnification

Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service.

14. Term and Termination

This DPA will remain in effect for as long as RED Atlas processes Personal Data on behalf of the Data Controller.

15. Contact Information

For questions regarding this DPA or data protection matters, please contact:

Email: contact@atlas.red
Data Protection Officer
RED Atlas