Data Processing Agreement (DPA)
Last updated: 2025-12-15 (v1.0)
This Data Processing Agreement applies to the use of the Circumflex service. For general information, see our Privacy Policy.
1. Parties and roles
- Data Controller: The customer (tenant)
- Data Processor: Circumflex AS, org. no. 928 728 684
This agreement applies automatically upon use of Circumflex.
2. Purpose and instructions
Circumflex AS processes personal data on behalf of the Data Controller to provide, operate, and maintain Circumflex.
Processing occurs only on documented instructions from the Data Controller.
3. Categories of personal data
- Name and email address
- User roles and access information
- Logs and audit data
- Data entered by users in Circumflex
4. Duration
Processing continues for the duration of the customer relationship.
5. Location
All data is stored in Norway. Email is sent via Google (Gmail).
6. Security measures
- Role-based access control
- Encrypted communication (TLS)
- Logging and monitoring
7. Sub-processors
- Google – email delivery
8. Assistance and rights
- Access, rectification, and deletion
- Export of customer-entered data
9. Termination
Upon termination, data will be deleted or returned as instructed, unless retention is required by law.
10. Contact
See also: Privacy Policy