Data Processing Addendum (DPA)

This Data Processing Addendum applies when Laucked processes personal data on behalf of a customer while delivering the service. The customer acts as controller and Laucked acts as processor where applicable.

Laucked may engage subprocessors for hosting, logging, email delivery, and payment processing. A current list is maintained and material changes are communicated where legally required.

• Encryption in transit and at rest where appropriate.
• Role-based access controls with least-privilege permissions.
• Audit logging, monitoring, and alerting for abnormal activity.
• Incident response process with internal escalation and runbooks.

Laucked notifies the customer without undue delay after becoming aware of a personal data breach affecting customer data and provides reasonable information to support customer legal obligations.

Laucked provides reasonable assistance to support customer responses to data subject requests and can provide data export/deletion tooling as documented in the platform.