Data Processing Agreement

This page summarises Azava's data processing commitments. The full, signable Data Processing Agreement (DPA) is available for download below.

1. What the DPA is

The DPA is the contract that governs Azava's processing of Customer Data — data that Customers route through the platform — in Azava's capacity as a data processor. It applies to all use of the Services and forms part of the customer agreement alongside the Customer Terms and Conditions.

2. Roles

Customer — the controller: you decide what data is processed and for what purpose.
Azava — the processor: we process Customer Data only on your documented instructions.
Your connected systems are not Azava sub-processors — they are your own data systems that Azava connects to on your behalf.

3. Sub-processors

Azava uses a limited set of sub-processors to deliver the Services. The canonical list, including each processor's location and the transfer mechanism used, is published in Section 6 of our Privacy Policy. That list is the single source of truth — we update it there whenever a sub-processor changes.

4. International transfers

Where Customer Data is transferred to sub-processors outside the UK or EEA, the transfer is covered by the appropriate mechanism: Standard Contractual Clauses (SCCs) for EEA-originating transfers, or the UK International Data Transfer Addendum (UK IDTA) for UK-originating transfers, as incorporated in each sub-processor's own DPA. Our DPA includes a summary of the transfer mechanisms in use.

5. Retention & deletion

Customer Data is deleted within 30 days of account closure or a verified deletion request.
System and security logs are retained for 14 days.

6. Security

Azava applies appropriate technical and organisational measures including:

TLS 1.2+ in transit
AES-256 encryption at rest
Encrypted credential storage (never stored in plaintext)

Get the signable DPA

The full Data Processing Agreement (which forms part of the Customer Terms and Conditions) is available as a PDF:

Download DPA (PDF)Request via email

Note: The PDF download links to /legal/azava-dpa.pdf in public/. Place the exported PDF at apps/web/public/legal/azava-dpa.pdf to activate the download link. (One-time export from Azava_Customer_TCs_and_DPA_(revised).docx— Henry's action.)