Last updated: July 16, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between ECODrIx Private Limited ("Processor") and the customer ("Controller"). It governs our processing of personal data contained in Customer Data on your behalf and reflects obligations under India's DPDP Act, 2023 and, where applicable, GDPR Article 28.
For Customer Data you upload and process through the platform, you are the Controller (data fiduciary) and ECODrIx is the Processor (data processor). We process such data only on your documented instructions, which include your configuration and use of the Service.
You authorise us to engage sub-processors to provide the Service. We maintain a current list on our Sub-processors page and impose data-protection terms on them no less protective than this DPA. We will give notice of intended changes so you may object on reasonable grounds.
We maintain measures including encryption in transit and at rest, access controls, network security, logging, and regular review. Details are described on our Security page, which forms part of this DPA.
Where we transfer personal data across borders, we implement lawful transfer mechanisms and contractual safeguards consistent with the DPDP Act and, where applicable, GDPR.
We will notify you without undue delay after becoming aware of a personal data breach affecting your Customer Data, and provide information reasonably available to help you meet your notification obligations. Security contact: [email protected].
On termination, you may export Customer Data for a limited period. After that period, we will delete or anonymise Customer Data except where retention is required by law, and back-ups are purged on our routine cycle.
On reasonable prior written notice and subject to confidentiality, we will provide relevant documentation and respond to reasonable audit requests to demonstrate compliance with this DPA. To request this DPA as a countersigned document, contact [email protected].