Legal — effective 1 January 2025

Data Processing Agreement

GDPR Article 28 compliant agreement between PARAMANT (processor) and your organisation (controller). Governs all personal data processed through the PARAMANT relay service.

Zero-knowledge summary: PARAMANT operates a zero-knowledge relay. All file payloads are encrypted client-side before they reach our infrastructure — we hold only ciphertext and cannot access the content. We process only the minimum technical metadata required to route and expire transfers.

1. Parties

Processor: PARAMANT — operated on Hetzner Online GmbH, FSN1, Nuremberg, Germany. Contact: privacy@paramant.app
Controller: The organisation identified in the signature form below
Effective date: Date of electronic signature

2. Subject matter and scope

This agreement governs the processing of personal data by PARAMANT on behalf of the Controller in connection with the PARAMANT relay service, including all sector relays: healthcare, legal, finance, IoT, and general.

PARAMANT acts exclusively as a processor. The Controller determines the purposes and means of processing. The subject matter is the secure, transient relay of encrypted files and associated metadata between authenticated parties.

3. Nature, purpose, and duration of processing

Nature: Transient encrypted relay — payloads stored in RAM only, destroyed after first retrieval (burn-on-read) or TTL expiry. No payload data written to disk.
Purpose: Secure point-to-point file transfer as instructed by the Controller
Duration: Coterminous with the service subscription. Payload data destroyed within TTL regardless (max 24h Professional, max 7 days Enterprise).
Personal data categories: Any personal data embedded in transferred files (content encrypted, invisible to processor); API key contact email; device identifiers (hashed in CT log)
Data subjects: Any natural persons whose data appears in files transferred via the service

4. Processor obligations

PARAMANT shall:

  1. Process personal data only on documented instructions from the Controller, unless required to do so by Union or Member State law to which PARAMANT is subject
  2. Ensure that persons authorised to process personal data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality
  3. Implement appropriate technical and organisational measures in accordance with Article 32 GDPR — see Section 7
  4. Assist the Controller with obligations under Articles 32–36 GDPR, taking into account the nature of processing and the information available to PARAMANT
  5. At the choice of the Controller, delete or return all personal data after the end of provision of processing services, and delete existing copies unless Union or Member State law requires storage of the personal data
  6. Make available to the Controller all information necessary to demonstrate compliance with obligations laid down in Article 28 GDPR, and allow for and contribute to audits and inspections
  7. Immediately inform the Controller if, in its opinion, an instruction infringes GDPR or other applicable data protection law

5. Sub-processors

The Controller provides general authorisation for PARAMANT to use the following sub-processors:

| Sub-processor | Location | Purpose | Data transferred |
|---|---|---|---|
| Hetzner Online GmbH | Germany (FSN1) | Infrastructure hosting | Encrypted payloads in RAM only; no persistent writes of payload data to Hetzner storage |
| Resend Inc. | US (SCC applied) | Transactional email (API key delivery only) | Email address and API key on trial key request; no file content |

PARAMANT will notify the Controller at least 14 days in advance of any intended changes to sub-processors, giving the Controller the opportunity to object.

6. International transfers

All relay infrastructure is located in the EU (Hetzner DE, FSN1). Resend Inc. operates in the United States; the transfer is covered by Standard Contractual Clauses (Commission Decision 2021/914/EU, Module 1). No other personal data is transferred outside the EEA.

7. Technical and organisational measures (Article 32)

| Measure | Implementation |
|---|---|
| Encryption in transit | TLS 1.3 minimum on all relay endpoints |
| End-to-end encryption of content | File payloads encrypted client-side with ML-KEM-768 + ECDH P-256 hybrid (NIST FIPS 203). Relay holds only ciphertext. |
| Encryption at rest | Not applicable — payloads never written to disk (RAM-only) |
| Data minimisation | Filenames not stored in plaintext (enc_meta ciphertext only); device IDs hashed SHA3-256 in CT log; no logging of payload content |
| Access control | API key authentication on all relay endpoints; admin panel protected with TOTP MFA and per-IP rate limiting (5 attempts/min) |
| Audit logging | Certificate Transparency log — transfer hashes and device key commitments, no payload content; tamper-evident Merkle tree |
| Integrity and availability | auditd (49 CIS L2 rules), AIDE daily file integrity check, AppArmor enforcing, CIS Ubuntu 24.04 L2 benchmark — 114 checks |
| Infrastructure hardening | Docker containers: read-only FS, no-new-privileges, cap_drop ALL, non-root user; HSTS max-age=63072000 |
| Vulnerability management | Independent security audit completed April 2026 — see audit report |

8. Personal data breach notification

PARAMANT will notify the Controller without undue delay, and in any case within 48 hours, after becoming aware of a personal data breach affecting data processed under this agreement. Notification will be sent to the email address provided in the signature form below and will include, to the extent available: the nature of the breach; categories and approximate number of data subjects and records affected; likely consequences; and measures taken or proposed to address the breach.

9. Audit rights

The Controller may request a compliance review, no more than once per calendar year, by providing at least 30 days’ written notice to privacy@paramant.app. PARAMANT will provide relevant documentation and, where applicable, access to system configurations. Physical on-site access requires prior agreement on scope, scheduling, and reasonable costs.

10. Liability

Liability of each party for breach of this agreement is governed by Article 82 GDPR. PARAMANT’s aggregate contractual liability is limited to the total fees paid by the Controller in the 12 months preceding the event giving rise to the claim, except in cases of wilful misconduct or gross negligence.

11. Term and termination

This agreement is effective from the date of signature and remains in force for the duration of the Controller’s service subscription. Upon termination, PARAMANT will delete all personal data within 30 days, except where retention is required by applicable law. The CT log (containing only hashed identifiers, no payload content) may be retained for audit and compliance purposes.

12. Governing law and jurisdiction

This agreement is governed by the law of the Federal Republic of Germany. Any dispute arising under or in connection with this agreement shall be subject to the exclusive jurisdiction of the courts of Germany.


Sign electronically

Enter your details below to sign this agreement. You will receive a countersigned copy by email immediately.

Enterprise / healthcare addenda: For NEN 7510, NIS2, or sector-specific addenda to this agreement, email privacy@paramant.app with your sector and requirements. Enterprise contracts with custom SLAs and jurisdiction clauses are available on request.