DoodadLabs

Data Processing Addendum (DPA)

Effective Date: February 4, 2026

This Data Processing Addendum ("DPA") forms part of the Terms of Service between DoodadLabs (the "Processor") and the customer (the "Controller") where DoodadLabs processes Personal Data on behalf of the Controller in connection with the Services.

This DPA is intended to satisfy the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Definitions

Terms used but not defined in this DPA have the meanings given in the UK GDPR or the Terms of Service.

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Processing: As defined in Article 4 of the UK GDPR.

  • Controller: The entity that determines the purposes and means of Processing.

  • Processor: DoodadLabs, which processes Personal Data on behalf of the Controller.

2. Scope and Roles

The Controller appoints DoodadLabs as a Processor to process Personal Data solely for the purpose of providing the Services.

The Controller is responsible for ensuring it has a lawful basis for processing Personal Data and for providing required notices to data subjects.

3. Processing Details

  • Subject matter: Web security services, traffic inspection, and threat detection

  • Duration: For the term of the Services

  • Nature and purpose: Detection, prevention, and mitigation of security threats

  • Types of Personal Data: IP addresses, request metadata, account identifiers, and security logs

  • Categories of Data Subjects: Website visitors, users, administrators

4. Processor Obligations

DoodadLabs shall:

  • Process Personal Data only on documented instructions from the Controller

  • Ensure personnel are bound by confidentiality obligations

  • Implement appropriate technical and organisational security measures

  • Assist the Controller with data subject requests where applicable

  • Notify the Controller of a personal data breach without undue delay

  • Delete or return Personal Data upon termination, unless retention is required by law

5. Sub-processors

The Controller authorises DoodadLabs to engage sub-processors as necessary to provide the Services.

DoodadLabs shall ensure sub-processors are subject to equivalent data protection obligations.

A current list of sub-processors may be made available upon request.

6. International Transfers

Where Personal Data is transferred outside the UK, DoodadLabs shall ensure appropriate safeguards are in place, including adequacy regulations or standard contractual clauses.

7. Data Subject Rights

DoodadLabs shall assist the Controller, where reasonably possible, in fulfilling data subject rights requests under UK GDPR.

8. Audits and Compliance

Upon reasonable request, DoodadLabs shall make available information necessary to demonstrate compliance with this DPA.

9. Liability

Liability arising from this DPA is subject to the limitations of liability set out in the Terms of Service.

10. Governing Law

This DPA is governed by the laws of England and Wales.

Contact Us

If you have questions or concerns about these Terms of Service, please contact us at:

Email: legal@doodadlabs.org