Skip to main content

Data Processing Agreement

Last updated: February 1, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between AntiProxies ("Processor", "we", "us") and you ("Controller", "Customer") and governs the processing of personal data by us on your behalf.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data.
  • "Data Subject" means the individual to whom Personal Data relates.
  • "Sub-processor" means any third party engaged by us to process Personal Data.
  • "Data Protection Laws" means GDPR and other applicable data protection legislation.

2. Scope and Purpose

Self-Hosted Databases

When you use our self-hosted databases, all lookups and data processing happen entirely on your infrastructure. AntiProxies does not receive or process any of your users' Personal Data in this model. This DPA's processor obligations apply only to account and billing data we hold about you as a customer.

3. Controller Obligations

You warrant that:

  • You have the legal authority to process Personal Data and to instruct us to do so
  • You have informed Data Subjects about the processing as required by Data Protection Laws
  • Your instructions comply with applicable laws
  • You have obtained any necessary consents for the processing

4. Processor Obligations

We agree to:

  • Process Personal Data only on your documented instructions
  • Ensure that personnel authorized to process Personal Data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist you in responding to Data Subject requests
  • Assist you in meeting your obligations under Data Protection Laws
  • Delete or return Personal Data upon termination of Services
  • Make available information necessary to demonstrate compliance

5. Security Measures

We implement and maintain appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption of data in transit using TLS 1.3
  • Encryption of data at rest using AES-256
  • Access controls with role-based permissions
  • Multi-factor authentication for system access
  • Regular security assessments and penetration testing
  • Incident detection and response procedures
  • Business continuity and disaster recovery plans
  • Employee security awareness training

6. Sub-processors

You authorize us to engage Sub-processors to process Personal Data. We will:

  • Maintain a list of current Sub-processors available upon request
  • Provide notice before adding new Sub-processors
  • Ensure Sub-processors are bound by data protection obligations consistent with this DPA
  • Remain liable for Sub-processor compliance

You may object to a new Sub-processor within 14 days of notification. If we cannot accommodate your objection, you may terminate the affected Services.

7. International Transfers

We may transfer Personal Data outside the EEA. Such transfers are protected by:

  • EU Standard Contractual Clauses (Module Two: Controller to Processor)
  • Other legally approved transfer mechanisms

The Standard Contractual Clauses are incorporated by reference into this DPA.

8. Data Subject Rights

We will assist you in responding to Data Subject requests to exercise their rights under Data Protection Laws. If we receive a request directly, we will promptly notify you unless legally prohibited.

9. Data Breach Notification

We will notify you without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data breach. The notification will include:

  • Description of the nature of the breach
  • Categories and approximate number of Data Subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

10. Audits

Upon reasonable request, we will make available information necessary to demonstrate compliance with this DPA. You may conduct audits (or appoint an auditor) with reasonable advance notice, during business hours, and subject to confidentiality obligations.

11. Data Retention and Deletion

Upon termination of Services, we will delete or return all Personal Data within 30 days, unless retention is required by law.

12. Liability

Each party's liability under this DPA is subject to the limitations set forth in our Terms of Service.

13. Term

This DPA remains in effect for as long as we process Personal Data on your behalf.

14. Contact

For questions about this DPA, contact us at dpo@antiproxies.com.

Need a signed DPA?

Enterprise customers can request a countersigned DPA. Contact our team to get started.

Request Signed DPA