Last Updated: May 30, 2026
This Data Processing Agreement (“DPA”) forms part of the Terms of Service (the “Agreement”) between Databunker Tech Ltd (Israeli company no. 517349809) (“Databunker,” “Processor”) and the customer that uses the cloud-hosted Databunker products (“Customer,” “Controller”). It governs Databunker’s processing of personal data on Customer’s behalf.
When this DPA applies. It applies where Databunker processes personal data on Customer’s behalf through the cloud-hosted products — cloud-hosted Databunker Pro, Databunker Radar, and Databunker DPO. It does not apply to Databunker Pro deployed self-hosted on Customer’s own infrastructure, because Databunker does not access the data Customer stores there. Where Customer is itself a processor acting for another controller, references to Customer’s instructions include that controller’s instructions.
If there is a conflict between this DPA and the Agreement regarding the processing of personal data, this DPA controls.
Customer is the Controller (or a Processor acting on behalf of another Controller), and Databunker is the Processor of Customer Personal Data. Each party will comply with its obligations under Data Protection Laws. Customer is responsible for the lawfulness of the personal data it provides and the instructions it gives — including having a valid legal basis and providing any required notices to Data Subjects.
Databunker processes Customer Personal Data only on Customer’s documented instructions — including as set out in the Agreement, this DPA, and Customer’s configuration and use of the products — unless required by law, in which case Databunker will inform Customer first, unless the law prohibits it. Databunker will tell Customer if, in its opinion, an instruction infringes Data Protection Laws.
The subject matter, duration, nature and purpose of the processing, the types of personal data, and the categories of data subjects are set out in Annex 1.
Databunker ensures that personnel authorized to process Customer Personal Data are bound by confidentiality obligations and process the data only as instructed.
Databunker implements appropriate technical and organizational measures to protect Customer Personal Data, as described in Annex 2, taking into account the state of the art, the costs of implementation, and the nature, scope, and risks of the processing.
Customer provides general written authorization for Databunker to engage Sub-processors. Databunker’s current Sub-processors are listed at databunker.org/legal/subprocessors. Databunker imposes data-protection obligations on its Sub-processors that are no less protective than this DPA, and remains responsible for their performance. Databunker will give Customer at least 30 days’ notice of any new Sub-processor (by updating the list and, on request, notifying Customer). Customer may object on reasonable data-protection grounds within that period; if the parties cannot resolve the objection, Customer may terminate the affected product.
Taking into account the nature of the processing, Databunker assists Customer — by appropriate technical and organizational measures, insofar as possible — in responding to Data Subject requests (access, deletion, rectification, portability, objection). If a Data Subject contacts Databunker directly about Customer Personal Data, Databunker will refer them to Customer. The Databunker DPO and Pro products themselves provide tooling that helps Customer fulfil these requests.
Taking into account the nature of the processing and the information available to it, Databunker assists Customer in meeting its obligations regarding security, breach notification, data protection impact assessments, and prior consultation with supervisory authorities (GDPR Articles 32–36).
Databunker will notify Customer without undue delay, and where feasible within 72 hours, after becoming aware of a Personal Data Breach affecting Customer Personal Data, and will provide information reasonably available to help Customer meet its own notification obligations.
On termination of the relevant product, Databunker will delete or return Customer Personal Data at Customer’s choice, and will delete existing copies within a reasonable period (no later than 30 days), unless law requires continued storage. On request, Databunker will certify deletion.
Databunker will make available to Customer the information reasonably necessary to demonstrate compliance with this DPA, including relevant third-party audit reports and security documentation (such as its SOC 2 report, when available). Where that information is insufficient, Customer may conduct an audit no more than once per year, on reasonable prior notice, during business hours, subject to confidentiality, and without unreasonably disrupting Databunker’s operations.
Databunker processes Customer Personal Data primarily within the European Union (its default cloud region is AWS Frankfurt, eu-central-1) and Israel, which the European Commission recognizes as providing an adequate level of data protection. Where Databunker transfers Customer Personal Data to a country without an adequacy decision, it will use an appropriate transfer mechanism, such as the EU Standard Contractual Clauses, which are incorporated by reference where they apply.
Each party’s liability under this DPA is subject to the limitations and exclusions of liability set out in the Agreement.
This DPA takes effect when Customer accepts the Agreement and continues for as long as Databunker processes Customer Personal Data. It is governed by the laws of the State of Israel, and disputes are subject to the courts of Tel Aviv-Jaffa, consistent with the Agreement — except where Data Protection Laws require otherwise.
Databunker may update these measures provided the level of protection is not materially reduced. Current detail is described in the product documentation.
The current list of Sub-processors is maintained at databunker.org/legal/subprocessors (currently Amazon Web Services for hosting and Mailjet for email).
Contact: Databunker Tech Ltd, Yud Dalet HaBanim 7/20, 4936704, Petah-Tikva, Israel · office@databunkertech.com