Data Processing Agreement

1. Definitions

• Controller: You (the customer using our Service)
• Processor: Innerkore Technologies Private Limited (we process data on your behalf)
• Personal Data: Any data relating to identified or identifiable individuals
• Processing: Any operation performed on personal data
• Sub-processor: Third-party service providers we use (AWS, Stripe, etc.)

2. Scope and Purpose

We process personal data on your behalf solely for the purpose of providing our website builder service, including:

• Hosting and deploying your websites
• Storing your project data and configurations
• Processing payments for subscriptions
• Providing customer support
• Maintaining service security and performance

3. Your Instructions

We will process personal data only based on your documented instructions, which include:

• This DPA and our Terms of Service
• Your use of the Service and its features
• Your data residency selection (IN/EU/US/BR/CA)
• Any additional written instructions you provide

If we believe an instruction violates GDPR or other applicable laws, we will inform you immediately.

4. Data Security Measures

We implement the following technical and organizational measures:

5. Sub-processors

We use the following sub-processors to provide our Service:

We will notify you of any changes to sub-processors at least 30 days in advance. You may object if you have legitimate grounds.

6. International Data Transfers

If you select a data region outside your country, we use Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) for any transfers from the EU.

Your data remains in your selected region (IN/EU/US/BR/CA) and is not transferred without your consent.

7. Data Subject Rights

We assist you in responding to data subject requests:

• Access: Self-service data export in account settings
• Rectification: Edit personal data in account settings
• Erasure: Account deletion permanently removes data within 30 days
• Portability: Export data in JSON format
• Objection: Opt-out of marketing communications

We will respond to your requests within 30 days as required by GDPR.

8. Data Breach Notification

In the event of a personal data breach, we will:

• Notify you within 72 hours of becoming aware
• Provide details of the breach, affected data, and impact
• Describe our response and mitigation measures
• Assist with your notification obligations to authorities and data subjects
• Document all breaches in our security incident log

9. Audits and Compliance

You have the right to audit our data processing activities. We will:

• Provide documentation of our security measures
• Allow third-party audits (with reasonable notice and NDAs)
• Share relevant certifications (SOC 2, ISO 27001)
• Cooperate with supervisory authorities

10. Data Retention and Deletion

• Active accounts: Data retained as long as account is active
• Deleted accounts: 30-day recovery period, then permanent deletion
• Backup retention: Up to 90 days for disaster recovery
• Legal retention: Some data retained for compliance (invoices, tax records)

11. Termination

Upon termination of our agreement:

• You have 30 days to export your data
• After 30 days, we permanently delete all your data
• We provide confirmation of deletion upon request
• Backup data is securely deleted within 90 days

12. Contact Information

For DPA-related questions or requests:

• Company: Innerkore Technologies Private Limited
• Email: admin@innerkore.com
• Address: Plot No-P-193 F/F P-Block, Mohan Garden, Uttam Nagar, Near Tulsi Bakery, Delhi, West Delhi-110059