Data Processing Agreement
Last updated: 17 June 2026
Effective date: 17 June 2026
This Data Processing Agreement (DPA) forms part of the agreement between CyprusNode (Cyprusnode.com, Processor, we, us, our) and the customer who uses our services to host or process personal data (Controller, you, your).
This DPA applies when you use CyprusNode infrastructure to store, host, transmit, or otherwise process personal data about your end users. By using our services for that purpose, you accept this DPA together with our Terms of Service, Privacy Policy, and Acceptable Use Policy.
1. Roles and your responsibility
You are the controller. You alone decide what personal data is processed, why it is processed, whether you have a lawful basis, and how you comply with privacy law for your end users.
We are the processor. We provide hosting and infrastructure only. We do not review, approve, or control the lawfulness of the content or personal data you place on our services.
You confirm that:
- You have a valid legal basis to process the personal data you place on our infrastructure
- You provide all required privacy notices to your end users
- Your processing instructions and use of the services comply with applicable law
- You are solely responsible for your applications, mailboxes, databases, backups, credentials, and configurations
2. Details of processing
Subject matter: hosting and infrastructure services under your CyprusNode account.
Duration: while the service is active and for the retention periods in our Privacy Policy.
Purpose: to provide the services you ordered.
Types of personal data: any personal data you upload, generate, transmit, or store on our infrastructure.
Data subjects: your customers, visitors, mail users, employees, and any other individuals whose data you process through the services.
3. Instructions
We process personal data only to provide the services and based on your use of those services, your configuration, and requests sent through official CyprusNode channels.
We may refuse, limit, suspend, or stop processing where we believe your use is unlawful, abusive, insecure, or harmful to our network or other customers.
4. Security
We use reasonable measures to operate our platform. We do not guarantee that personal data is secure, error-free, or free from unauthorised access.
You are solely responsible for securing everything you control, including operating systems, software, plugins, mailboxes, databases, passwords, firewalls, patches, backups, and access controls.
Any security failure caused by your configuration, software, weak credentials, malware, or third-party tools is your responsibility, not ours.
5. Subprocessors and third parties
We use subprocessors and third-party providers to operate CyprusNode, including data centers, payment processors, email tools, authentication providers, analytics providers, and security vendors.
You authorise our use of subprocessors. We may add or change subprocessors without your prior approval. We are not responsible for the acts, omissions, policies, security, or data practices of any subprocessor or third party.
6. International transfers
Personal data may be processed in or transferred to countries outside your country, including outside the European Economic Area. You accept that risk by using the services.
7. Data subject requests
If an end user contacts us about data you control, we may direct them to you.
We have no obligation to help you respond to data subject requests. If we choose to help, we may charge for that work and we provide only the information we still hold and can reasonably locate.
8. Breaches
We are not responsible for personal data breaches caused by you, your users, your software, your configuration, subprocessors outside our control, or third-party attacks beyond what we choose to mitigate.
We may notify you of a breach affecting data we process for you if we decide it is appropriate. We do not guarantee any particular notice timing or content.
9. Return and deletion
You are responsible for exporting, backing up, and deleting your content before termination.
After termination or account deletion, we handle data as described in our Privacy Policy. We may retain, anonymise, or delete data at our discretion for billing, tax, abuse prevention, security, support history, backups, and operational records.
10. Audits and information
We do not provide audits, on-site inspections, or custom compliance reports unless we agree in writing and you pay our fees.
We may provide general service information at our discretion. We are not required to disclose internal systems, security designs, logs, or other customers' data.
11. No warranties and no liability
We provide processor services as-is and as-available. We make no warranties about GDPR compliance for your business, data accuracy, availability, security, or fitness for your use case.
To the fullest extent permitted by applicable law:
- We are not liable for any loss, claim, fine, penalty, or damage arising from your processing activities, your end users, your content, your instructions, or your failure to comply with privacy law
- We are not liable for indirect, consequential, special, or punitive damages
- Our total liability under this DPA is limited to the fees you paid us for the affected service in the 1 month before the event giving rise to the claim, or EUR 100, whichever is greater
You indemnify and hold CyprusNode harmless against all claims, fines, losses, and costs arising from your processing of personal data, your end users, your content, or your breach of this DPA.
All other liability limits in our Terms of Service apply to this DPA.
12. Term
This DPA applies while you use our services to process personal data on your behalf. Liability and indemnity sections survive termination.
13. Governing law
This DPA is governed by the laws of Cyprus. Disputes are handled by the courts of Cyprus.
14. Contact
Processor support:
https://cyprusnode.com/tickets/create
Abuse: abuse@cyprusnode.com