Scope
This DPA forms part of the waxTable Terms of Service when you process personal data through the service as a controller, and waxTable acts as your processor.
Roles
- Customer is the data controller and determines purposes of processing.
- waxTable acts as the data processor and processes only on documented instructions.
- Sub-processors are listed publicly with 30-day notice of material changes (NFR-042).
Security measures
HTTPS in transit, AES-256 at rest, row-level security on every workspace boundary, mandatory MFA for Owner and Admin roles on Business and Enterprise plans (FR-009a).
International transfers
Standard contractual clauses are available where required. Primary processing region is configurable per workspace on Enterprise plans.
Sign the DPA
Email dpa@waxtable.comfrom the email associated with your workspace owner account. We'll counter-sign within five business days.