Data Processing Agreement

Last updated: June 2026

Enterprise customers requiring a signed DPA for GDPR, India DPDP Act, or HIPAA compliance should contact legal@iefyx.com. We typically execute within 2 business days.

1. Definitions

Data Controller means the Customer entity that determines the purposes and means of Processing of Personal Data. Data Processor means iSpyCyber Pvt. Ltd. (operating ieFyx), which processes Personal Data on behalf of the Controller.

2. Scope of Processing

ieFyx processes Personal Data solely to provide the platform services described in the Order Form. Processing activities include: storing vulnerability findings, user account data, audit logs, and compliance evidence uploaded by the Customer.

3. Sub-processors

ieFyx uses the following sub-processors: Amazon Web Services (hosting, India region), SendGrid (transactional email). Customers will be notified of material sub-processor changes 30 days in advance.

4. Data Retention & Deletion

Personal Data is retained for the duration of the subscription. Upon termination, Customers may request data export within 30 days, after which data is securely deleted within 90 days.

5. Security Measures

ieFyx implements AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, and annual penetration testing of the platform infrastructure.

6. Contact

Data Protection queries: privacy@iefyx.com