Data Processing Addendum (DPA)

Last updated: 2026-04-22

Version: dpa-2026-04-22-v2

This DPA applies when SekyuSeal processes personal data on behalf of a customer in connection with the Services.

1. Roles

Customer is the controller (or business) and SekyuSeal is the processor (or service provider), except where SekyuSeal acts as an independent controller for account security, abuse prevention, or legal compliance data.

2. Processing Instructions

SekyuSeal processes personal data only on documented customer instructions, including use of product settings, APIs, and administrative controls.

3. Nature and Purpose

Processing includes document workflow execution, signer communication, audit logging, evidence retention, security monitoring, and support operations.

4. Data Types and Data Subjects

5. Security Measures

SekyuSeal implements reasonable technical and organizational safeguards including access controls, encryption in transit, audit logging, and abuse protections.

6. Subprocessors

SekyuSeal may use subprocessors for hosting, storage, and communications. Subprocessors are contractually required to protect personal data with appropriate safeguards.

7. International Transfers

Where cross-border transfers occur, SekyuSeal applies legally recognized transfer mechanisms, such as standard contractual clauses, where required.

8. Assistance and Rights Requests

SekyuSeal provides reasonable assistance to customers responding to data subject requests and regulatory obligations, taking into account the nature of processing.

9. Deletion and Return

Upon customer request or account termination, SekyuSeal will delete, return, or anonymize personal data unless retention is required by law, legal hold, tax, fraud-prevention, or signature evidence obligations.

10. Audit Information

SekyuSeal may provide information reasonably necessary to demonstrate compliance obligations under this DPA, subject to confidentiality and security safeguards.