ibee
ibee
Get StartedAlready have an account? Log in →

Last updated: April 02, 2026

Data Processing Addendum

This Data Processing Addendum (“DPA”) forms part of and is incorporated into the Master Services Agreement, Terms of Service, Order Form, or other agreement governing the provision of services by IBEE to Customer (the “Agreement”).

This DPA is entered into by and between:

  • Customer: the entity agreeing to the Agreement; and
  • IBEE: the applicable IBEE contracting entity under the Agreement, being either or both of:
    • IBEE Solutions Private Limited
    • IBEE Software Solutions Inc

Each a “Party” and together the “Parties”.

This DPA applies where IBEE Processes Customer Personal Data on behalf of Customer in connection with the Services.

1. Definitions

For purposes of this DPA:

  • “Applicable Data Protection Law” means all laws and regulations applicable to the Processing of Customer Personal Data under the Agreement.
  • “Controller” means the entity that determines the purposes and means of the Processing of Personal Data.
  • “Customer Data” means any data, files, content, software, records, logs, backups, configurations, or other materials submitted to, stored on, transmitted through, or otherwise processed through the Services by or on behalf of Customer.
  • “Customer Personal Data” means Personal Data contained within Customer Data and Processed by IBEE on behalf of Customer under the Agreement.
  • “Data Subject” means an identified or identifiable natural person.
  • “Personal Data” means any information relating to an identified or identifiable natural person, or equivalent term under Applicable Data Protection Law.
  • “Personal Data Breach” means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data.
  • “Process” or “Processing” means any operation performed on Personal Data.
  • “Processor” means the entity that Processes Personal Data on behalf of a Controller.
  • “Services” means the cloud infrastructure and related services provided by IBEE under the Agreement, including, as applicable: Cloud VMs, GPU VMs, Bare Metal GPU, Managed Kubernetes, Object Storage, Block Storage, networking services, firewall services, load balancing, secret management, container registry, backups and snapshots, SSL certificate services, API access features, support services, and related platform functionality.
  • “Subprocessor” means any third party engaged by IBEE to Process Customer Personal Data on behalf of IBEE.
  • “SCCs” means the Standard Contractual Clauses approved by the European Commission, as amended or replaced from time to time.

2. Roles of the Parties

Customer acts as a Controller or Processor, as applicable, and IBEE acts as a Processor or Subprocessor, as applicable, with respect to Customer Personal Data.

Customer is responsible for the lawfulness of Customer Personal Data, the legal basis for Processing, and the accuracy, quality, and legality of the Customer Personal Data submitted to the Services.

If Customer is acting as a Processor, Customer represents that it is authorized by the relevant Controller to instruct IBEE to Process Customer Personal Data.

3. Scope of Processing

IBEE will Process Customer Personal Data only to provide, secure, maintain, and support the Services in accordance with the Agreement and Customer’s documented instructions.

The subject matter of the Processing is the provision of the Services. The nature of the Processing may include collection, storage, organization, hosting, transmission, retrieval, consultation, support access, backup, deletion, and destruction of Customer Personal Data.

Processing will continue for the duration of the Agreement and any limited period thereafter during which IBEE retains Customer Personal Data in accordance with the Agreement, this DPA, or applicable law.

4. Customer Instructions

IBEE will Process Customer Personal Data only on Customer’s documented instructions, as necessary to provide the Services, or as required by applicable law.

The Agreement, Customer’s use of the Services, account and service settings, API calls, administrative actions, support requests, and other written or electronic communications from Customer constitute Customer’s documented instructions.

If IBEE is required by law to Process Customer Personal Data other than on Customer’s instructions, IBEE will inform Customer before such Processing unless prohibited by law.

5. Confidentiality and Personnel

IBEE will ensure that persons authorized to Process Customer Personal Data are bound by appropriate confidentiality obligations and access Customer Personal Data only on a need-to-know basis for the purpose of providing, securing, or supporting the Services.

IBEE will provide appropriate privacy and security training to relevant personnel.

6. Security

IBEE will implement and maintain appropriate technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

These measures may include, as appropriate to the Services and risk profile, access controls, authentication controls, encryption in transit and, where applicable, at rest, logging and monitoring, network segmentation, vulnerability management, patching, backup and recovery controls, incident response processes, and vendor review procedures.

IBEE may update its security measures from time to time, provided that such updates do not materially reduce the overall security of the Services.

Additional information regarding IBEE’s security program may be made available through its trust center at trust.ibee.ai.

7. Personal Data Breach

IBEE will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data.

To the extent available, the notification will include a description of the nature of the breach, the categories of data affected, the likely consequences, the measures taken or proposed, and a contact point for follow-up.

IBEE will take reasonable steps to identify, contain, investigate, mitigate, and remediate the Personal Data Breach.

8. Assistance

Taking into account the nature of the Processing and the information available to IBEE, IBEE will provide reasonable assistance to Customer in fulfilling Customer’s obligations under Applicable Data Protection Law, including with respect to security of Processing, breach notifications, impact assessments, and consultations with regulators where required.

If IBEE receives a request from a Data Subject relating to Customer Personal Data, IBEE will, to the extent legally permitted, notify Customer and not respond directly except as instructed by Customer or required by law.

To the extent such assistance is not already included in the Services, IBEE may charge reasonable costs for providing it.

9. Subprocessors

Customer authorizes IBEE to engage Subprocessors in connection with the provision of the Services.

IBEE will impose data protection obligations on Subprocessors that are no less protective than those set out in this DPA, as applicable to the services they perform, and IBEE will remain responsible for their acts and omissions to the extent required by law.

IBEE will make Subprocessor information available in its trust center or related legal documentation linked from trust.ibee.ai.

If IBEE adds or replaces a Subprocessor, it will provide notice by updating that information or by other reasonable means. If Customer reasonably objects on data protection grounds, the Parties will work in good faith to resolve the objection. If IBEE cannot reasonably accommodate the objection, Customer may terminate only the affected Services.

10. International Transfers

To the extent Customer Personal Data originating from the EEA, UK, or Switzerland is transferred to a jurisdiction not recognized as providing an adequate level of protection, the SCCs are incorporated into this DPA by reference.

Where required, the UK International Data Transfer Addendum and Swiss-required adaptations will apply.

IBEE will implement supplementary measures where required by Applicable Data Protection Law.

11. Audit and Compliance Information

IBEE will make available information reasonably necessary to demonstrate compliance with this DPA.

IBEE may satisfy this obligation by providing security and compliance documentation, audit summaries, certifications, questionnaires, or similar materials, including materials made available through trust.ibee.ai or under appropriate confidentiality restrictions.

If such materials are insufficient under applicable law, Customer may request a reasonable audit of IBEE’s relevant Processing activities, subject to prior notice, confidentiality obligations, reasonable scope limits, and minimal disruption to IBEE’s business and other customers.

Unless otherwise required by law or agreed in writing, Customer will bear the cost of any audit it requests.

12. Return and Deletion

During the term of the Agreement, Customer may access, export, or delete Customer Data using the functionality of the Services, where available.

Upon termination or expiration of the Agreement, IBEE will, upon Customer’s request and subject to the Agreement, return Customer Personal Data in a commercially reasonable format where feasible, and/or delete Customer Personal Data from active systems within a reasonable period.

Notwithstanding the foregoing, IBEE may retain Customer Personal Data to the extent required by applicable law, and Customer Personal Data may remain in backups, snapshots, or disaster recovery media until deleted or overwritten in the ordinary course.

Upon written request, IBEE will provide confirmation of deletion where reasonably practicable.

13. Infrastructure Service Responsibilities

Customer acknowledges that the Services are infrastructure and platform services. Customer determines what Customer Data it uploads, stores, hosts, transmits, or otherwise Processes through the Services.

Customer is responsible for configuring the Services in accordance with its privacy and security requirements, including access permissions, credentials, encryption keys, network exposure settings, region selection, retention settings, and backup or recovery choices.

Unless expressly stated otherwise in the Agreement, Customer remains responsible for determining whether to enable, purchase, manage, and test appropriate backup, recovery, and business continuity measures for its workloads and data.

Where IBEE provides support access or operational assistance, any access by IBEE personnel to Customer Personal Data will be limited to what is reasonably necessary to provide the requested support or service operations.

14. Restricted Data

Unless expressly agreed in writing, Customer will not use the Services to Process special categories of Personal Data or other highly sensitive regulated data where such use would impose obligations on IBEE beyond those expressly set out in the Agreement and this DPA.

If Customer intends to Process such data, the Parties must first agree in writing on any additional safeguards or requirements.

15. Liability, Term, and Governing Law

This DPA is effective as of the effective date of the Agreement and remains in effect until IBEE no longer Processes Customer Personal Data under the Agreement.

The liability of each Party arising out of or related to this DPA is subject to the exclusions and limitations of liability set out in the Agreement, except to the extent such limitation is prohibited by applicable law.

This DPA is governed by the governing law specified in the Agreement, except to the extent a different law is required by the SCCs or Applicable Data Protection Law.

Annex I — Details of Processing

Categories of Data Subjects may include Customer employees, contractors, end users, customers, prospects, partners, vendors, and other individuals whose Personal Data is included in Customer Data.

Categories of Personal Data may include names, email addresses, phone numbers, usernames, account and authentication data, IP addresses, device identifiers, metadata, logs, files, database content, backups, snapshots, stored objects, volume content, support materials, configuration data, and other Personal Data submitted by Customer through the Services.

Nature of the Processing includes hosting, storage, retrieval, transmission, backup, monitoring, support access, deletion, and other Processing necessary to provide the Services.

Purpose of the Processing is the provision, maintenance, support, and security of the Services under the Agreement.

Duration of the Processing is for the term of the Agreement and any limited retention period required for backups, legal compliance, security investigation, dispute resolution, or enforcement of the Agreement.

Annex II — Security Measures

IBEE maintains a security program appropriate to the Services and the risks presented by the Processing, which may include:

  • least-privilege access controls
  • authentication and privileged access protections
  • encryption in transit and, where applicable, at rest
  • logging, monitoring, and alerting
  • vulnerability management and patching
  • network security and segmentation
  • backup and recovery controls
  • incident response processes
  • personnel confidentiality and training
  • Subprocessor due diligence and contractual controls

Additional details may be made available through trust.ibee.ai.

Annex III — Subprocessors

IBEE’s current Subprocessor information will be made available in its trust center or related legal documentation accessible from trust.ibee.ai.