PipeRich Legal

Data Processing Agreement

DPA governing the processing of personal data on behalf of enterprise customers

Data Processing Agreement

Effective April 1, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service or other written or electronic agreement between PipeRich, Inc. ("Processor") and the Customer ("Controller") for the purchase and use of the Services.

PipeRich-DPA-2026.pdf
PDF245 KB
OpenDownload
Sign DPA
Enterprise customers can execute the DPA electronically via our signing portal.
Sign DPA

You will be redirected to our document signing portal. An authorized signatory from your organization is required.

1. Definitions

"Controller" means the entity that determines the purposes and means of processing Personal Data.

"Processor" means PipeRich, which processes Personal Data on behalf of the Controller.

"Personal Data" means any information relating to an identified or identifiable natural person.

"Processing" means any operation performed on Personal Data, including collection, recording, storage, use, disclosure, erasure, or destruction.

"Data Subject" means an identified or identifiable natural person to whom Personal Data relates.

"Subprocessor" means any third party engaged by PipeRich to process Personal Data in connection with the Services.

"Applicable Data Protection Law" means all laws and regulations applicable to the processing of Personal Data, including the GDPR, CCPA, and other applicable national and state laws.

2. Processing Details

2.1 Subject Matter

PipeRich processes Personal Data solely for the purpose of providing the Services as described in the applicable Order Form and Terms of Service.

2.2 Duration

PipeRich will process Personal Data for the duration of the Services agreement and for any additional period required by applicable law.

2.3 Nature and Purpose

The nature and purpose of processing is to provide the Services, including hosting, storage, analytics, and related support activities.

2.4 Types of Personal Data

The types of Personal Data processed may include: contact information (name, email, phone), usage data, and any Personal Data uploaded or submitted by Customer or its Users through the Services.

2.5 Categories of Data Subjects

Data Subjects may include Customer's employees, contractors, customers, and other individuals whose Personal Data is submitted to the Services.

3. Processor Obligations

PipeRich shall:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure that persons authorized to process Personal Data are bound by confidentiality
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in responding to Data Subject requests
  • Delete or return all Personal Data upon termination of Services
  • Make available all information necessary to demonstrate compliance
  • Notify the Controller without undue delay upon becoming aware of a Personal Data breach

4. Sub-processing

4.1 Authorized Subprocessors

The Controller authorizes PipeRich to engage Subprocessors to process Personal Data. PipeRich maintains a current list of Subprocessors at piperich.com/legal/subprocessors.

4.2 Subprocessor Obligations

PipeRich shall impose data protection obligations equivalent to those set out in this DPA on all Subprocessors.

4.3 Changes to Subprocessors

PipeRich will notify the Controller of any intended additions or replacements to Subprocessors with at least 30 days advance notice. The Controller may object to new Subprocessors in writing within 14 days of such notification.

5. Data Subject Rights

PipeRich shall assist the Controller in fulfilling its obligations to respond to Data Subject requests for exercising rights of access, rectification, erasure, restriction, portability, and objection. PipeRich will promptly notify the Controller if it receives a request directly from a Data Subject.

6. Security Measures

PipeRich implements and maintains appropriate technical and organizational measures including:

  • Encryption of Personal Data in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and least-privilege principles
  • Regular vulnerability assessments and penetration testing
  • Employee security awareness training
  • Incident detection and response capabilities
  • Business continuity and disaster recovery procedures

7. Audits and Inspections

Upon Controller's reasonable written request, PipeRich shall provide relevant information necessary to demonstrate compliance with this DPA. PipeRich may satisfy audit requests by providing up-to-date third-party audit reports (SOC 2 Type II, ISO 27001) in lieu of Customer-initiated audits.

8. Termination

Upon termination of the Services, PipeRich shall, at the Controller's choice, delete or return all Personal Data and delete existing copies thereof, unless applicable law requires storage of Personal Data.

Privacy Policy

How PipeRich collects, uses, and protects your personal information

Subprocessors

Third-party service providers that process personal data on behalf of PipeRich

On this page

Data Processing Agreement1. Definitions2. Processing Details2.1 Subject Matter2.2 Duration2.3 Nature and Purpose2.4 Types of Personal Data2.5 Categories of Data Subjects3. Processor Obligations4. Sub-processing4.1 Authorized Subprocessors4.2 Subprocessor Obligations4.3 Changes to Subprocessors5. Data Subject Rights6. Security Measures7. Audits and Inspections8. Termination