Data Processing Agreement (DPA)

Effective Date: 02-07-2025
Last Updated: 02-07-2025

This Data Processing Agreement (DPA) forms part of the agreement between AuthLN, Inc. and its customers to define the responsibilities regarding the processing, security, and privacy of personal data. This document aligns with GDPR, CCPA, and industry best practices.

1. Roles & Responsibilities

Is AuthLN a Data Controller or Data Processor?

AuthLN primarily operates as a Data Controller because:
✔ We determine the purpose and means of processing user data for account creation and service delivery.
✔ We collect user data through our website, forms, and third-party services.
✔ We do not process data on behalf of other companies or clients.

However, AuthLN may act as a Data Processor when:
✔ Processing data collected by a client and following their instructions (if applicable in the future).

At this time, AuthLN is primarily a Data Controller.

2. Subprocessor Details

A subprocessor is any third-party vendor that processes personal data on behalf of a company. AuthLN does not currently have subprocessors, but we do use third-party services to host and manage data.

Third-Party Services Used

✔ Squarespace – Website hosting & content management
✔ Google Analytics – Website traffic analysis & performance tracking
✔ Microsoft Azure – Cloud infrastructure & security
✔ Amazon Web Services (AWS) – Data hosting & storage

These services do not act as subprocessors because they do not process personal data beyond what is necessary for AuthLN’s own operational needs.

3. Security Measures

AuthLN follows best security practices to protect user data, including:

✔ SSL Encryption: All data transmitted between users and our servers is encrypted using SSL/TLS.
✔ Access Controls: User data is restricted to authorized personnel only.
✔ Cloud Security Compliance: All data is securely stored on AWS & Azure, which follow SOC 2, ISO 27001, and GDPR security standards.
✔ Regular Security Reviews: We periodically review our security measures to ensure compliance with industry best practices.

4. Data Subject Requests (User Rights Management)

AuthLN supports user rights in compliance with GDPR & CCPA. Users may:

✔ Request Access – Obtain a copy of their personal data.
✔ Request Correction – Update incorrect or incomplete information.
✔ Request Deletion ("Right to be Forgotten") – Have personal data erased, unless legally required to retain it.
✔ Restrict Processing – Limit how their data is used under certain circumstances.
✔ Withdraw Consent – Stop data processing for marketing or analytics purposes.

How to Submit a Data Request

📧 Email privacy@authln.com with the subject line "Data Request".
🕒 Requests will be processed within 30 days as per GDPR requirements.

If identity verification is needed, AuthLN may request proof of identity before fulfilling requests.

5. Breach Notification Policy

AuthLN follows industry best practices for data breach detection and response:

✔ Incident Detection & Containment – Any potential security breach is immediately investigated.
✔ User Notification – If a data breach occurs:

• Affected users will be notified within 72 hours as per GDPR and CCPA regulations.

• Notifications will be sent via email or posted on our website (if applicable).
  ✔ Regulatory Compliance – If legally required, AuthLN will inform data protection authorities of the breach.
  ✔ Mitigation Steps – Security teams will work to contain, assess, and resolve the breach as quickly as possible.

Breach Notification Details

If a breach occurs, affected users will be informed of:
✔ What happened (nature of the breach)
✔ What data was exposed (if applicable)
✔ Steps taken to fix the issue
✔ How to protect yourself (if necessary)

For urgent security matters, users can contact security@authln.com.

6. Updates to This DPA

AuthLN may update this Data Processing Agreement periodically. If significant changes occur, we will notify users via:
✔ A website notice
✔ An email to affected users

7. Contact Information

For any data processing inquiries, please contact:

📧 Email: privacy@authln.com
📧 Security Inquiries: security@authln.com
📍 Address: AuthLN, Inc., 6605 Longshore Street, Suite 240 #136, Dublin, OH 43017-2774