Data Processing Agreement

Last updated: February 19, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service or other master agreement ("Agreement") between Hyperping SAS ("Hyperping", "we", "us", or "our") and the Customer ("Customer", "you", or "your"). It reflects the parties' agreement regarding the processing of Personal Data in accordance with applicable data protection laws.

In the event of any conflict between this DPA and the Agreement, the terms of this DPA shall prevail with respect to the processing of Personal Data.

1. Definitions

Unless otherwise defined in this DPA, capitalized terms have the meaning given in the Agreement.

  • "Personal Data" means any information relating to an identified or identifiable natural person that the Customer or its end users provide, upload, or make accessible through Hyperping's services, processed by Hyperping solely on the Customer's behalf.
  • "Monitoring Data" refers to data collected through uptime and performance monitoring, such as response times, uptime/downtime logs, SSL certificate information, synthetic check results, cron job statuses, and similar metrics.
  • "Usage Data" refers to information about how the Customer and its users interact with the services, including activity logs, configurations, alert settings, and operational data used to improve and maintain the services.
  • "Status Page Data" refers to content managed via status pages, including incident reports, maintenance schedules, subscriber email addresses and notification preferences, component statuses, and published information.
  • "Data Protection Laws" refers to all applicable data protection and privacy laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, Swiss Federal Data Protection Act, California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy regulations.
  • "Personal Data Breach" means any confirmed accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
  • "Sub-processor" means any third-party contractor engaged by Hyperping to process Personal Data on behalf of the Customer.
  • "Services" means the Hyperping services (uptime monitoring, status pages, incident alerting, on-call management, and related offerings) as defined in the Agreement.

The terms "Controller", "Processor", "Data Subject", "Processing" (and "Process"), "Business", "Service Provider", and "Supervisory Authority" have the meanings given under the relevant Data Protection Laws.

2. Role of the Parties

2.1 The Customer acts as the Data Controller (or "Business" under CCPA), and Hyperping acts as the Data Processor (or "Service Provider" under CCPA). The Customer determines the purposes and means of processing; Hyperping processes data on the Customer's behalf.

2.2 If the Customer is itself a Processor for a third-party Controller, Hyperping acts as a Sub-processor. The obligations in this DPA remain the same.

2.3 In certain limited cases (e.g., Hyperping processing its own account/contact data as a Controller), each party acts as an independent Controller and will comply with Data Protection Laws accordingly. This DPA primarily governs Hyperping's role as a Processor.

3. Processing of Personal Data

3.1 Customer's Obligations

The Customer shall:

  • Provide documented, lawful instructions for the processing of Personal Data
  • Ensure all Personal Data provided to Hyperping has been collected lawfully with any necessary consents or legal bases
  • Ensure processing instructions do not cause Hyperping to violate Data Protection Laws
  • Take responsibility for the accuracy, quality, and legality of Personal Data provided
  • Not provide Hyperping with Personal Data that is unnecessary, unlawful, or in breach of the Agreement
  • Indemnify Hyperping against claims arising from Customer's breach of these obligations

3.2 Hyperping's Obligations

Hyperping shall:

  • Process Personal Data only on documented instructions from the Customer, unless required by law (in which case Hyperping will inform the Customer before processing, unless prohibited)
  • Comply with all applicable Data Protection Laws
  • Inform the Customer if an instruction appears to violate Data Protection Laws
  • Implement appropriate technical and organizational security measures (see Section 7)
  • Ensure authorized personnel are subject to confidentiality obligations and receive data protection training
  • Never sell Personal Data or use it for purposes other than providing the Services
  • Notify the Customer of any Personal Data Breach without undue delay (see Section 8)

3.3 The subject matter, nature, purpose, and duration of processing, as well as types of Personal Data and categories of Data Subjects, are described in Annex A.

4. Sub-processors

4.1 General Authorization. The Customer authorizes Hyperping to engage Sub-processors listed in Annex B. The current list is also available at hyperping.com/subprocessors.

4.2 Sub-processor Obligations. Hyperping ensures Sub-processors are bound by data protection obligations no less protective than this DPA. Hyperping remains liable for its Sub-processors' performance.

4.3 Notice and Objection. Hyperping will provide at least 14 days' advance notice of changes to the Sub-processor list. The Customer may object in writing within 7 days on reasonable data protection grounds. The parties will discuss in good faith. If no resolution is reached, Customer may terminate the affected services as its sole remedy. If no objection is made within 7 days, the new Sub-processor is deemed accepted.

4.4 Essential Sub-processors. Certain Sub-processors (e.g., cloud hosting) are essential to the Services. Objecting to an essential Sub-processor may require suspension or termination of the service, with a pro-rata refund of prepaid fees.

4.5 Emergency Replacement. If Hyperping urgently needs to replace a Sub-processor (e.g., for security or continuity), it will notify the Customer as soon as practicable. The Customer retains the right to object after the fact.

5. Data Subject Rights

5.1 If Hyperping receives a Data Subject request, it will redirect the individual to the Customer or forward the request. Hyperping will not independently respond to Data Subject requests.

5.2 The Customer is responsible for responding to Data Subject requests. Hyperping provides tools (dashboard features for data export and deletion) to assist.

5.3 Hyperping will assist the Customer in fulfilling Data Subject requests through appropriate technical and organizational measures.

5.4 If Hyperping receives a legally binding request from a public authority for Customer Personal Data, it will inform the Customer (unless prohibited by law) before responding, and will disclose only the minimum necessary.

6. Confidentiality

Hyperping ensures that personnel with access to Personal Data are subject to confidentiality obligations, have access on a need-to-know basis, and are trained on data protection responsibilities. These obligations survive termination of this DPA.

7. Security Measures

7.1 Hyperping maintains appropriate technical and organizational security measures, including:

  • Encryption: Data encrypted in transit (HTTPS/TLS 1.2+) and at rest (LUKS, AES-256)
  • Secure Infrastructure: Data centers with 24/7 monitoring, biometric access controls, and redundancy. Infrastructure providers hold SOC 2 and ISO 27001 certifications.
  • Access Controls: Role-based access, multi-factor authentication, regular access reviews
  • Vulnerability Management: Regular scanning, penetration testing, timely patching, and code reviews
  • Backup and Recovery: Regular encrypted backups with tested disaster recovery procedures
  • Monitoring and Incident Response: 24/7 system monitoring, incident response plan, and prompt remediation

Hyperping may update security measures provided they do not materially reduce protection levels. Details are available at hyperping.com/security.

7.2 The Customer is responsible for securing their own account credentials, API keys, and configurations, and for using available security features (SSO, access roles, etc.).

8. Personal Data Breaches

8.1 Hyperping will notify the Customer without undue delay upon becoming aware of a Personal Data Breach, providing sufficient information for the Customer to meet regulatory notification obligations. Information may be provided in phases as it becomes available.

8.2 Hyperping will promptly contain, investigate, and mitigate any breach, and cooperate with the Customer on remediation and notifications. Notification is not an acknowledgment of fault.

8.3 The Customer determines whether notifications to Data Subjects or authorities are required. Hyperping will assist with available information and reasonable remedial measures.

9. Audits

9.1 The Customer may audit Hyperping's compliance with this DPA. Hyperping will provide information reasonably necessary to demonstrate compliance.

9.2 Audits require at least 14 days' written notice, must be conducted during business hours without unreasonable disruption, and are limited to once per 12-month period (unless required by a supervisory authority or following a significant breach).

9.3 Third-party auditors must be mutually agreed, execute confidentiality agreements, and may not be direct competitors of Hyperping.

9.4 Hyperping may provide third-party certifications, audit reports, or penetration test summaries to satisfy audit requests.

9.5 The Customer bears its own audit costs plus reasonable costs incurred by Hyperping. If an audit reveals material non-compliance, Hyperping will remediate at its own expense.

10. Return or Deletion of Data

10.1 Upon termination of the Agreement, Hyperping will, at Customer's choice, return or delete all Customer Personal Data within 30 days, except where retention is required by law.

10.2 If no request is received, Hyperping will delete Customer Personal Data from active systems within 30 days following termination.

10.3 During the term, Customer can delete data via the dashboard at any time (monitors, incidents, subscribers, etc.).

10.4 Backup copies are purged according to Hyperping's retention schedule (30-day daily, 12-week weekly, 12-month monthly). Residual data in backups is protected from processing until deleted.

10.5 Upon request, Hyperping will confirm in writing that deletion has been completed.

11. International Transfers

11.1 Customer Personal Data is primarily stored in the EU (Frankfurt, Germany). Transient monitoring data may be processed globally at probe servers, but primary storage remains in the EU.

11.2 The Customer authorizes Hyperping and its Sub-processors to transfer Personal Data internationally as needed, subject to the safeguards below.

11.3 For transfers from the EEA, UK, or Switzerland to countries without an adequacy decision, the parties rely on: (a) EU Standard Contractual Clauses (SCCs); (b) the EU-US Data Privacy Framework where applicable; or (c) other legally recognized mechanisms. A copy of applicable transfer mechanisms is available upon request.

11.4 If a transfer mechanism becomes insufficient, the parties will cooperate in good faith to implement additional measures or alternative solutions.

11.5 Hyperping will not grant third parties (including government agencies) direct access to Customer Personal Data unless required by law. If compelled, Hyperping will provide the minimum necessary and inform the Customer where legally permitted.

12. Miscellaneous

12.1 Confidentiality. Both parties keep this DPA and related information confidential per the Agreement.

12.2 Notices. All notices must be in writing. Email delivery has the same legal effect as paper.

12.3 Liability. Liability under this DPA is subject to the limitations in the Agreement. Claims under this DPA are subject to the aggregate liability cap in the Agreement.

12.4 Governing Law. This DPA is governed by the laws of France. Disputes are subject to the exclusive jurisdiction of the courts of Paris, France.

12.5 Precedence. In case of conflict, this DPA prevails over the Agreement solely regarding Personal Data processing.

12.6 Term. This DPA remains in effect as long as Hyperping processes Personal Data under the Agreement. Sections that by nature should survive termination will survive.

12.7 Changes. Hyperping may update this DPA with notice to the Customer. Material changes provide an opportunity to object or terminate. Continued use constitutes acceptance.

12.8 Entire Agreement. This DPA and the Agreement represent the parties' entire understanding regarding Personal Data processing.

Annex A — Details of Processing

Nature and Purpose of Processing

Hyperping processes Customer Personal Data to provide uptime monitoring, alerting, status page management, incident management, on-call scheduling, and related services. This includes monitoring availability and performance, sending notifications, managing status page subscriptions, and providing customer support and account administration.

Duration of Processing

For the duration of the Agreement, plus any retention period required by law or specified in the DPA.

Categories of Data Subjects

  • Customer's employees and team members (authorized platform users)
  • Customer's end users whose services are monitored
  • Individuals subscribing to status page updates
  • Other individuals whose data is submitted to Hyperping by the Customer

Categories of Personal Data

  • Contact Information: Names, email addresses, phone numbers
  • Account Data: Usernames, hashed passwords, profile details, company name
  • Status Page Subscriber Data: Email addresses, notification preferences
  • Monitoring Data: IP addresses, URLs, response times, error logs, HTTP response codes, SSL certificate details
  • Notification Data: Slack webhook URLs, Teams channel IDs, SMS numbers, integration identifiers
  • Support Communications: Names, emails, and content in support interactions

Special Categories of Data

Hyperping does not require or intend to collect special categories of personal data (health, race, political opinions, etc.) or data about children under 16. The Customer should not submit such data unless explicitly agreed.

Annex B — Authorized Sub-processors

The current list of Sub-processors is maintained at hyperping.com/subprocessors.

Sub-processorDescriptionLocation
DigitalOcean, LLCPrimary cloud hosting, databases, and object storageEU (Frankfurt, Germany)
Amazon Web Services, Inc.Monitoring infrastructure, S3 storage, computeGlobal (primary EU and US)
Scaleway SASEU-based monitoring infrastructureEU (Paris/Amsterdam)
Vercel, Inc.Status page hosting and marketing websiteGlobal (primary US and EU)
Cloudflare, Inc.CDN, DDoS protection, SSL/TLS managementGlobal
Stripe, Inc.Payment processing and subscription billingUnited States (PCI-DSS Level 1)
Twilio, Inc.SMS and phone call alert deliveryUnited States (global routing)
Twilio SendGridEmail delivery for alerts and notificationsUnited States (global delivery)
Google LLCSingle Sign-On (OAuth) authenticationUnited States (global)
WorkOS, Inc.Enterprise SSO (SAML, Okta, Azure AD)United States
Segment (Twilio Segment)Product analytics and event trackingUnited States
Sentry (Functional Software, Inc.)Error tracking and performance monitoringUnited States

Hyperping will update this list as needed on its website and via notice to Customer, in accordance with Section 4 of this DPA.


Hyperping SAS
50 Avenue des Champs-Élysées, 75008 Paris, France
hello@hyperping.io

Hyperping logo
50 Avenue des Champs-Élysées
75008 Paris, France
Product
MonitoringUptime monitoringWebsite monitoringStatus PagePublic status pagesSynthetic monitoringCron job monitoringCron job alertsIncident ManagementSSL monitoringSSL certificatesEscalation policiesPhone call alertsGoogle SSOPricingFeatures
Use Cases
SaaS & StartupsAgenciesEducationCloud & HostingEnterprise
Resources
BlogDocsIntegrationsWhy HyperpingAPI ReferenceCustomersEnterpriseStatus page examplesAlternativesData Processing AgreementSub-processorsService Level Agreement
Tools
SLA calculatorUptime calculatorDowntime cost calculatorCron expression generatorCron monitoringWebsite speed testWhat's my IP addressCompareBadge builder
Socials
socials-twittersocials-producthunt
hello@hyperping.io
Terms of ServicePrivacy PolicyCookie PolicySecurity & GDPR EuropeSLA