Data Processing Agreement

Version 1.0  ·  Effective May 12, 2026

This Data Processing Agreement ("DPA") applies to EU-based customers of CyberFence and governs how CyberFence Corp processes personal data on their behalf in accordance with GDPR Article 28.

By using CyberFence services, EU customers agree to the terms of this DPA, which is incorporated by reference into the Terms of Service.

Processor

CyberFence Corp
Contact: info@cyberfenceplatform.com

Scope

This DPA applies to the processing of personal data of EU data subjects by CyberFence Corp as a data processor acting on behalf of the customer (data controller) when the customer uses the CyberFence platform.

Data We Process

CyberFence processes only the data necessary to provide the service, including account information (name, email address), subscription status, device identifiers, and — for Breach Monitor subscribers — email addresses submitted for breach scanning.

Your Rights

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to erasure ("right to be forgotten") — available directly in the web app under Settings
  • Right to data portability — export your data from Settings → Export My Data
  • Right to object to processing
  • Right to restrict processing

To exercise any of these rights, contact info@cyberfenceplatform.com.

Security Measures

CyberFence implements industry-standard technical and organizational security measures, including AES-256 encryption for data in transit and at rest, access controls, and regular security reviews.

Data Breach Notification

In the event of a personal data breach, CyberFence will notify affected controllers within 24 hours of becoming aware of the breach, in accordance with GDPR Article 33.

Data Retention & Deletion

Personal data is retained only as long as the customer's account is active. Upon account termination, personal data is deleted within 30 days. Customers may request immediate full erasure through the web app or by contacting support.

International Data Transfers

Where personal data is transferred outside the European Economic Area, such transfers are governed by the EU Standard Contractual Clauses (Module 2: Controller to Processor), adopted by the European Commission in June 2021.

Sub-Processors

CyberFence may engage third-party sub-processors to assist in delivering the service (e.g., cloud infrastructure, authentication, subscription management, payment processing). A current list of sub-processors is available upon written request to info@cyberfenceplatform.com.

Governing Law

This DPA is governed by the laws of the Republic of Ireland, consistent with GDPR jurisdiction requirements for EU data subjects.

Download

A signed-ready PDF version of this DPA is available for download below.

Download DPA (PDF)

Version 1.0  ·  Effective May 12, 2026  ·  CyberFence Corp

Contact

Questions about this DPA or data processing practices? Email info@cyberfenceplatform.com.