Skip to main content
ARQERA
FeaturesOreOjuIntegrationsDocs
Request Early Access
Legal

Data Processing Agreement

How ARQERA processes personal data on behalf of our customers, in compliance with GDPR and applicable data protection laws.

Contact Sales

Scope & Definitions

ARQERA acts as a data processor on behalf of the customer (data controller). This agreement governs the processing of personal data transmitted to ARQERA through use of the platform, in accordance with GDPR Article 28 and applicable data protection laws.

Data Processing Details

Personal data processed includes names, email addresses, organisational roles, usage data, and any content uploaded to the platform. Processing purposes are limited to providing, maintaining, and improving the ARQERA service. Data is processed for the duration of the service agreement plus any legally required retention period.

Sub-processor Obligations

ARQERA engages vetted sub-processors to deliver parts of the service. Each sub-processor is bound by data protection obligations no less protective than those in this agreement. Customers are notified 30 days before any new sub-processor is added. See our full sub-processor list at /sub-processors.

Security Measures

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Access controls enforce least-privilege principles with role-based access, MFA, and audit logging. In the event of a personal data breach, ARQERA will notify the customer without undue delay and within 72 hours of becoming aware.

Data Subject Rights

ARQERA assists customers in fulfilling data subject requests including the right to access, rectification, erasure, restriction of processing, data portability, and objection. Requests are processed within the timeframes required by applicable law. Tools for data export and deletion are available in-app.

International Transfers

Where personal data is transferred outside the EEA, ARQERA relies on EU Standard Contractual Clauses (SCCs) as approved by the European Commission. Customers may configure data residency to restrict processing to EU-based infrastructure where available.

Audit Rights

Customers have the right to audit ARQERA's compliance with this agreement. ARQERA will make available all information necessary to demonstrate compliance and allow for audits conducted by the customer or an appointed third-party auditor, subject to reasonable notice and confidentiality obligations.

Termination & Data Return

Upon termination of the service agreement, ARQERA will return all personal data to the customer in a structured, commonly used, machine-readable format within 30 days. After data return is confirmed, all copies are securely deleted from ARQERA systems within 90 days, unless retention is required by law.

Need a signed DPA?

Contact our sales team to receive a countersigned Data Processing Agreement for your organisation.

Contact Sales

Product

  • Ore
  • Oju
  • Integrations

Solutions

  • For Developers
  • For Operations
  • For Startups
  • Compliance

Resources

  • Documentation
  • FAQ
  • Open Source

Company

  • About
  • Security
  • Privacy
  • Terms
  • Cookies
  • Legal
© 2026 ARQERA. All rights reserved.