1. Requesting a DPA
CloudMySite will provide a DPA for business customers who process personal data through CloudMySite services. Until a formal self-serve DPA is available, customers can request it by emailing [email protected].
CloudMySite Legal
CloudMySite Data Processing Addendum
MVP Data Processing Addendum information for business customers processing personal data through CloudMySite services.
Effective Date: June 20, 2026Last Updated: June 20, 2026
This MVP DPA page is request-only until a formal self-serve DPA is approved.
Attorney review is required before using this as a final enterprise customer agreement.
2. Roles
The DPA should describe when the customer acts as controller/business and when CloudMySite acts as processor/service provider for customer personal data, including subscriber data, form submissions, store customer data, website visitor data, and other data processed on the customer's behalf.
3. Processing Scope
The DPA should cover processing necessary for hosting, website deployment, newsletter delivery, subscriber management, forms, AI processing, support, security, backups, logs, billing support, abuse prevention, integrations, and service operation.
4. Confidentiality
CloudMySite personnel and authorized contractors who process customer personal data should be subject to confidentiality obligations and should access data only for legitimate support, security, compliance, operations, or service delivery purposes.
5. Security Measures
The DPA should describe administrative, technical, and organizational safeguards such as access controls, authentication, encryption where appropriate, logging, provider security controls, network protections, abuse monitoring, backups, and incident response procedures.
6. Subprocessors and Notice of Changes
The DPA should reference the Subprocessors page, explain how subprocessors are used, and describe how CloudMySite provides notice of material changes where required.
7. Assistance With Data Subject Requests
CloudMySite should provide reasonable assistance to customers responding to access, correction, deletion, portability, objection, opt-out, and other privacy rights requests where required by applicable law and the DPA.
8. Breach and Security Incident Notification
The DPA should describe how CloudMySite evaluates, communicates, and assists with security incidents involving customer personal data, including timing and content of notices where required by law.
9. Deletion or Return at Termination
The DPA should explain deletion, return, export, archive, and backup handling after termination or customer request, subject to legal, security, billing, dispute, abuse prevention, and backup retention requirements.
10. International Transfer Safeguards
The DPA should describe transfer safeguards used when personal data is processed outside the originating jurisdiction, such as contractual protections, applicable data transfer addenda, or other lawful mechanisms.
11. Audit and Compliance Assistance
The DPA should describe reasonable audit, documentation, and compliance assistance available to customers, balanced against security, confidentiality, operational, and provider constraints.