Data Processing Agreement (DPA) for 2markdown

Last Updated: July 16, 2024

This Data Processing Agreement ("DPA") is part of the Terms of Service ("Principal Agreement") between 2markdown ("Company", "we", "our", "us") and you ("Customer" or "Data Controller"). This DPA governs the processing of personal data by the Company on behalf of the Customer in compliance with the General Data Protection Regulation (GDPR).

1. Definitions

  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes personal data on behalf of the Data Controller.
  • Data Subject: The identified or identifiable natural person to whom personal data relates.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation or set of operations performed on personal data.

2. Roles and Responsibilities

The Customer is the Data Controller of the personal data processed under this DPA. The Company is the Data Processor of the personal data processed under this DPA.

3. Processing Details

  • The subject matter involves the processing of personal data as part of providing the API services under the Principal Agreement.
  • The duration of the processing is the same as the duration of the Principal Agreement.
  • The nature and purpose of the processing are to provide the API services for converting URLs, HTML, and PDF content to markdown format.
  • The categories of data subjects are customers and any individuals whose personal data is processed as part of using our services.
  • The type of personal data processed involves email addresses, account information, API usage data, and temporary content for conversion.

4. Data Processing Locations

We currently process data in the European Union, specifically in Amsterdam (with Fly.io) and Germany (with Hetzner). We plan to implement additional processing locations in the US and Asia in the future, which will allow users to specify the location for content fetching and processing. However, user account data will always be processed within the EU.

5. Obligations of the Data Processor

  • We will process personal data only in accordance with the Customer's documented instructions.
  • We will ensure that personnel authorized to process personal data have committed to confidentiality.
  • We will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • We will assist the Customer in responding to data subject requests to exercise their rights under the GDPR.
  • We will notify the Customer without undue delay upon becoming aware of a personal data breach.

6. Sub-processors

The Customer authorizes the Company to engage sub-processors for the processing of personal data. We will provide the Customer with a list of sub-processors upon request and notify the Customer of any changes to sub-processors.

7. Data Return and Deletion

Upon termination of the Principal Agreement, we will, at the Customer's choice, return or delete all personal data processed on behalf of the Customer, unless required to retain the data by law. Note that we do not store any converted content beyond the processing time required to deliver it to the Customer.

8. Audit Rights

The Customer has the right to audit our compliance with this DPA. We will provide reasonable cooperation and access to information necessary to demonstrate compliance.

9. Contact Us

If you have any questions about this DPA, please contact us at .