Legal

Data Processing Addendum

Last updated: June 1, 2026

This Data Processing Addendum (“DPA”) forms part of the agreement between you (“Controller”) and MachineCert (“Processor”) and reflects the parties’ commitments regarding the processing of personal data, including under the GDPR and similar laws.

This document is provided for general information and is not legal advice. Final published terms should be reviewed by counsel.

01Scope & roles

  • MachineCert processes personal data as a Processor on behalf of the Controller, only to provide the service and per documented instructions.

02Nature of processing

  • Processing is limited to what is necessary to deliver certificate discovery, monitoring, and automation.
  • MachineCert processes certificate metadata and account data; it does not process private keys.

03Subprocessors

  • MachineCert engages subprocessors under written contracts imposing equivalent data-protection obligations.
  • A current subprocessor list is available via the Trust Center, and we provide notice of material changes.

04Security measures

  • Encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access, audit logging, and a documented incident-response process.
  • Deployment models include SaaS, private cloud, on-premises, and air-gapped to support data-residency needs.

05Data subject requests

  • MachineCert assists the Controller in responding to data-subject requests to the extent required by applicable law.

06Personal data breach

  • MachineCert notifies the Controller without undue delay after becoming aware of a personal data breach affecting the Controller’s data.

07International transfers

  • Where applicable, transfers rely on standard contractual clauses or other lawful transfer mechanisms.

08Audits

  • MachineCert makes available information necessary to demonstrate compliance and supports audits as set out in the agreement.

09Return & deletion

  • On termination, MachineCert deletes or returns personal data as instructed, subject to legal retention requirements.

10Contact

  • For DPA execution or questions, contact us through the Contact page or your account team.
Privacy PolicyTerms of ServiceData Processing AddendumCookie PolicyTrust Center