Data Processing Agreement

Data Processing Agreement (DPA)

Last updated: March 2026

This Data Processing Agreement supplements the Master Services Agreement between Accorbis and each customer that uploads, stores, or transmits personal data using the Accorbis platform. It describes how Accorbis meets its obligations as a data processor or service provider under FERPA, HIPAA (where applicable), GDPR, CCPA/CPRA, and other regional privacy laws. The full executed DPA is available through your account team; this page summarizes the key commitments.

1. Roles and Processing

  • Accorbis acts as a data processor/service provider and processes personal data only according to written instructions from the customer (the data controller/business).
  • Processing is limited to providing platform functionality, managed updates, support, analytics, and security monitoring.
  • We do not sell or share customer personal data for advertising purposes.

2. Subprocessors

  • Accorbis maintains a list of authorized subprocessors, including hosting providers, monitoring tooling, and secure communication services.
  • Each subprocessor is reviewed for security posture and bound by agreements requiring equal or stronger safeguards.
  • Customers will be notified of material subprocessor changes and may object according to the procedures in the DPA.

3. Security Measures

  • Technical and organizational measures described on the Security Practices page apply to all customer data.
  • Encryption, logging, high-availability architecture, and access controls protect data in transit and at rest.
  • Accorbis will notify the designated customer contacts without undue delay after becoming aware of a confirmed data breach involving customer data.

4. Data Subject Rights

  • Accorbis assists customers with responding to data subject requests, including access, correction, deletion, and portability, by providing relevant logs or exports.
  • Customers control data retention through platform settings; upon termination, data is deleted according to contractual timelines.

5. International Transfers

  • When personal data is transferred outside its origin region, Accorbis relies on appropriate safeguards such as Standard Contractual Clauses or UK International Data Transfer Addenda.
  • Customers can request data residency details and third-country transfer assessments.

6. Audit and Compliance

  • Customers may request summary reports, penetration test results, or compliance questionnaires to confirm adherence to this DPA.
  • Reasonable on-site audits or interviews can be scheduled with advance notice, subject to confidentiality obligations.

To obtain a countersigned DPA or submit privacy questions, contact info@accorbis.com.