Data Processing Addendum

Last Updated: April 9, 2026

This Data Processing Addendum (“DPA“) forms part of the agreement between MB Sipavita, operating DmarcAuditor.com (“Processor“), and the customer using the DmarcAuditor.com service (“Controller“), to the extent MB Sipavita processes personal data on behalf of the Controller as a processor under applicable data protection law.

1. Scope

This DPA applies only to personal data that MB Sipavita processes on behalf of the Controller solely for the purpose of providing the DmarcAuditor.com service. It does not apply to personal data that MB Sipavita processes as an independent controller for its own business operations, such as account administration, billing, support, fraud prevention, security, or compliance.

2. Roles of the parties

The Controller determines the purposes and means of the processing of customer personal data submitted to or processed through the service, except to the extent applicable law requires otherwise. MB Sipavita acts as the Processor only on behalf of and under the documented instructions of the Controller for such processing.

3. Subject matter and duration

The subject matter of the processing is the provision of DMARC monitoring, analysis, and related service functionality. Processing continues for the duration of the customer’s use of the service and for any limited period reasonably required for deletion, return, backup handling, dispute resolution, security, or legal compliance.

4. Nature and purpose of processing

Processing may include collection, storage, organization, retrieval, analysis, display, transmission, and deletion of customer service data as necessary to provide the DmarcAuditor.com service.

5. Types of personal data and categories of data subjects

Depending on how the customer uses the service, customer service data may include personal data contained in DMARC reports, domain-related email authentication data, technical metadata, and related account-linked service information. Data subjects may include the customer’s employees, contractors, email senders, recipients, or other individuals whose personal data is contained in the customer data submitted to or processed through the service.

6. Processor obligations

  1. MB Sipavita will process customer personal data only on the documented instructions of the Controller, unless otherwise required by applicable law.
  2. MB Sipavita will ensure that persons authorized to process personal data are subject to appropriate confidentiality obligations.
  3. MB Sipavita will implement appropriate technical and organizational measures designed to protect customer personal data.
  4. MB Sipavita will assist the Controller, taking into account the nature of the processing and the information available to MB Sipavita, with reasonable requests related to data subject rights, security incidents, and legal compliance obligations under applicable data protection law.
  5. MB Sipavita will notify the Controller without undue delay after becoming aware of a personal data breach affecting customer personal data processed under this DPA, as required by applicable law.

7. Subprocessors

The Controller authorizes MB Sipavita to use subprocessors as reasonably necessary to provide the service. Current subprocessors may include:

  1. Paddle.com Market Limited and its affiliates, for payment and subscription operations where relevant to the service relationship.
  2. Hetzner, for hosting DmarcAuditor.com services.
  3. Cloudflare, for performance and security services.
  4. Fastmail, for support-related email communications.

MB Sipavita remains responsible for its subprocessors to the extent required by applicable law.

8. International transfers

Where customer personal data is transferred internationally, MB Sipavita will take reasonable steps to implement appropriate safeguards where required by applicable law.

9. Deletion and return

Upon termination of the applicable service, MB Sipavita will delete or return customer personal data covered by this DPA within a reasonable period, unless continued retention is required for security, backup integrity, dispute resolution, or compliance with applicable law.

10. Audit and information rights

MB Sipavita will make available information reasonably necessary to demonstrate compliance with this DPA, taking into account the nature of the service, the sensitivity of the information involved, and the need to protect the confidentiality and security of other customers and internal systems.

11. Order of precedence

If there is a conflict between this DPA and other service terms, this DPA will control with respect to the processing of personal data by MB Sipavita as a processor.

12. Contact

If you have questions about this DPA, please contact MB Sipavita through our contact page.