Data Processing Agreement

Last updated: 2026-07-03

⚠️ DRAFT — this document is a template pending legal review and is not yet legally binding. Placeholder values (e.g. company name, address) must be completed before publication.

This Data Processing Agreement ("DPA") is a template that forms part of the agreement between the customer ("Controller") and [COMPANY LEGAL NAME] ("Processor"). It is provided for review and is intended to be executed (counter-signed) by business customers who require it.

1. Roles

For personal data the customer submits or authorizes us to process (including Amazon Ads account data), the customer is the Controller and Zarox is the Processor.

2. Subject matter & duration

We process personal data to provide the Zarox service, for the duration of the customer's subscription and any legally required retention period thereafter.

3. Nature & purpose of processing

Automating and optimizing the customer's Amazon Advertising campaigns, including migration, bid optimization, reporting, and support.

4. Categories of data & data subjects

Account and contact data of the customer's authorized users, and advertising-account data connected by the customer.

5. Sub-processors

We engage the sub-processors listed on our Sub-processors page and remain responsible for their compliance. We will inform Controllers of material changes.

6. Security measures

We apply appropriate technical and organizational measures, including encryption of credentials at rest, access controls, and encrypted transport.

7. International transfers

Where personal data is transferred outside [JURISDICTION], we rely on Standard Contractual Clauses or another lawful transfer mechanism.

8. Assistance & breach notification

We assist the Controller with data-subject requests and, in the event of a personal-data breach, notify the Controller without undue delay.

9. Deletion or return

On termination, we delete or return personal data at the Controller's choice, subject to legal retention requirements.

10. Audits

We make available information reasonably necessary to demonstrate compliance with this DPA.

To execute this DPA for your organization, contact [PRIVACY CONTACT EMAIL].

We use cookies and similar tools (including live chat) to run the site and understand usage. You can accept or reject non-essential cookies. See our Cookie Policy and Privacy Policy.