Data Processing Addendum
Last updated: July 2026
This DPA applies when you (the “Controller”) use Pingdeck (the “Processor”) to process personal data on your clients’ behalf — for example, a client contact email used for report delivery or a status-page subscriber.
Scope of processing
Pingdeck processes personal data solely to provide the service: routing alerts, generating and delivering reports, and rendering status pages. We don’t use it for any other purpose.
Subprocessors
See the full, current list on our subprocessors page. We’ll notify account owners by email of any material change.
Security
Secrets (SMTP credentials, webhook signing keys) are encrypted at rest. Access to production data is limited to what’s required to operate the service.
Data subject requests
If one of your clients contacts you with a data subject request, you can fulfil it directly from the app (export/delete client data) or contact us at [email protected] for assistance.
International transfers
Where personal data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses with the relevant subprocessor.
Accepting this DPA
By using Pingdeck to process personal data on behalf of your clients, you agree to this DPA in addition to our Terms of Service.