Data Processing Addendum

Last updated: July 2026

This DPA applies when you (the “Controller”) use Pingdeck (the “Processor”) to process personal data on your clients’ behalf — for example, a client contact email used for report delivery or a status-page subscriber.

Scope of processing

Pingdeck processes personal data solely to provide the service: routing alerts, generating and delivering reports, and rendering status pages. We don’t use it for any other purpose.

Subprocessors

See the full, current list on our subprocessors page. We’ll notify account owners by email of any material change.

Security

Secrets (SMTP credentials, webhook signing keys) are encrypted at rest. Access to production data is limited to what’s required to operate the service.

Data subject requests

If one of your clients contacts you with a data subject request, you can fulfil it directly from the app (export/delete client data) or contact us at [email protected] for assistance.

International transfers

Where personal data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses with the relevant subprocessor.

Accepting this DPA

By using Pingdeck to process personal data on behalf of your clients, you agree to this DPA in addition to our Terms of Service.