Last Updated: 14 February 2026
This Data Processing Agreement ("DPA") forms part of the Terms and Conditions between Customer ("Controller") and Autheona ("Processor"). It governs the processing of Personal Data in connection with Autheona's intelligent verification services.
By using the Service, Customer agrees to this DPA. If you do not agree, you must discontinue use of the Service.
Autheona processes Customer Personal Data solely to deliver the Services and provide related support. Processing is limited to:
We process Personal Data only on documented instructions from Customer, unless required by law.
We agree to:
Customer must not submit sensitive or special category data (health, race, religion, political opinions, sexual orientation, biometric data, etc.) to our API.
If such data is submitted accidentally, we will delete it immediately upon discovery and notify Customer.
Customer represents and warrants that:
We implement appropriate technical and organizational measures to protect Personal Data, including:
Additional security details are available upon request.
We engage trusted subprocessors to help deliver the Services. Current subprocessors include:
We will provide Customer with notice of any intended changes to subprocessors. Customer may object to such changes within 7 days of notification.
We will notify Customer without undue delay (and in any event within 72 hours) of becoming aware of a Personal Data breach affecting Customer's data.
Notification will include:
We will cooperate with Customer and provide reasonable assistance in investigating and remedying the breach.
Currently, all data is stored and processed within the US. No transfers outside the US are conducted at this time.
If we initiate transfers outside the US in the future, we will:
Upon Customer request or termination:
We may retain anonymized or aggregated data indefinitely for service improvement and analytics.
We will complete reasonable security questionnaires about our data protection practices and provide relevant documentation upon request.
For enterprise Customers, additional audit rights may be negotiated in a separate agreement.
We will assist Customer with Data Protection Impact Assessments (DPIAs), prior consultations with supervisory authorities, and other reasonable compliance activities required under Data Protection Laws.
Assistance may be subject to additional fees for significant requests.
Each party's liability under this DPA is limited to fees paid by Customer to Autheona in the twelve (12) months preceding the claim.
This limitation does not apply to:
This DPA remains effective for the duration of Customer's use of the Services.
Data protection obligations under this DPA survive termination as required by Data Protection Laws.
We will delete or return Customer Personal Data upon termination in accordance with the Data Retention and Deletion section.
In the event of conflict between documents, the following order of precedence applies:
We may update this DPA to reflect changes in law, regulatory guidance, or our processing activities. Material changes will be communicated to Customer.
Continued use of the Services after changes constitutes acceptance of the updated DPA.
If you have any questions about this DPA, please contact:
Autheona