Data Processing Addendum
Last updated: December 2024
1. Purpose
This Data Processing Addendum ("DPA") describes how Northyx processes Customer Data when providing our services. It applies to business customers who act as data controllers and use Northyx as a data processor.
2. Roles & Definitions
"Customer Data" means information submitted by you or your users into the Northyx platform. You are the data controller. Northyx is the data processor and will process Customer Data only on your documented instructions.
3. Processing Instructions
We process Customer Data to provide, secure, and improve the service, including hosting, analytics, support, billing, and account management. You may request additional instructions in writing and we will comply when reasonably feasible.
4. Subprocessors
We use vetted subprocessors for infrastructure and payment processing. We remain responsible for their performance and require them to meet data protection obligations comparable to this DPA.
5. Security Measures
We implement technical and organizational measures designed to protect Customer Data, including access controls, encryption in transit, and secure authentication practices.
6. Data Residency
Northyx is designed with Canadian data residency in mind. Where possible, we prioritize Canadian storage and processing locations and will communicate material changes to this posture.
7. Data Breach Notification
We will notify you without undue delay after becoming aware of a security incident involving Customer Data and provide reasonable information about the incident.
8. Data Retention & Deletion
We retain Customer Data for the duration of your account and as required to provide the service or comply with legal obligations. Upon request, we will delete or return Customer Data subject to applicable legal requirements.
9. Contact
If you have questions about this DPA or need a signed copy, contact us at privacy@northyx.ca.