Data Processing Agreement
GDPR Article 28 compliant agreement between PARAMANT (processor) and your organisation (controller). Governs all personal data processed through the PARAMANT relay service.
1. Parties
| Processor | PARAMANT — operated on Hetzner Online GmbH, FSN1, Nuremberg, Germany. Contact: privacy@paramant.app |
| Controller | The organisation identified in the signature form below |
| Effective date | Date of electronic signature |
2. Subject matter and scope
This agreement governs the processing of personal data by PARAMANT on behalf of the Controller in connection with the PARAMANT relay service, including all sector relays: healthcare, legal, finance, IoT, and general.
PARAMANT acts exclusively as a processor. The Controller determines the purposes and means of processing. The subject matter is the secure, transient relay of encrypted files and associated metadata between authenticated parties.
3. Nature, purpose, and duration of processing
| Nature | Transient encrypted relay — payloads stored in RAM only, destroyed after first retrieval (burn-on-read) or TTL expiry. No payload data written to disk. |
| Purpose | Secure point-to-point file transfer as instructed by the Controller |
| Duration | Coterminous with the service subscription. Payload data destroyed within TTL regardless (max 24h Professional, max 7 days Enterprise). |
| Personal data categories | Any personal data embedded in transferred files (content encrypted, invisible to processor); API key contact email; device identifiers (hashed in CT log) |
| Data subjects | Any natural persons whose data appears in files transferred via the service |
4. Processor obligations
PARAMANT shall:
- Process personal data only on documented instructions from the Controller, unless required to do so by Union or Member State law to which PARAMANT is subject
- Ensure that persons authorised to process personal data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality
- Implement appropriate technical and organisational measures in accordance with Article 32 GDPR — see Section 7
- Assist the Controller with obligations under Articles 32–36 GDPR, taking into account the nature of processing and the information available to PARAMANT
- At the choice of the Controller, delete or return all personal data after the end of provision of processing services, and delete existing copies unless Union or Member State law requires storage of the personal data
- Make available to the Controller all information necessary to demonstrate compliance with obligations laid down in Article 28 GDPR, and allow for and contribute to audits and inspections
- Immediately inform the Controller if, in its opinion, an instruction infringes GDPR or other applicable data protection law
5. Sub-processors
The Controller provides general authorisation for PARAMANT to use the following sub-processors:
| Sub-processor | Location | Purpose | Data transferred |
|---|---|---|---|
| Hetzner Online GmbH | Germany (FSN1) | Infrastructure hosting | Encrypted payloads in RAM only; no persistent writes of payload data to Hetzner storage |
| Resend Inc. | US (SCC applied) | Transactional email (API key delivery only) | Email address and API key on trial key request; no file content |
PARAMANT will notify the Controller at least 14 days in advance of any intended changes to sub-processors, giving the Controller the opportunity to object.
6. International transfers
All relay infrastructure is located in the EU (Hetzner DE, FSN1). Resend Inc. operates in the United States; the transfer is covered by Standard Contractual Clauses (Commission Decision 2021/914/EU, Module 1). No other personal data is transferred outside the EEA.
7. Technical and organisational measures (Article 32)
| Measure | Implementation |
|---|---|
| Encryption in transit | TLS 1.3 minimum on all relay endpoints |
| End-to-end encryption of content | File payloads encrypted client-side with ML-KEM-768 + ECDH P-256 hybrid (NIST FIPS 203). Relay holds only ciphertext. |
| Encryption at rest | Not applicable — payloads never written to disk (RAM-only) |
| Data minimisation | Filenames not stored in plaintext (enc_meta ciphertext only); device IDs hashed SHA3-256 in CT log; no logging of payload content |
| Access control | API key authentication on all relay endpoints; admin panel protected with TOTP MFA and per-IP rate limiting (5 attempts/min) |
| Audit logging | Certificate Transparency log — transfer hashes and device key commitments, no payload content; tamper-evident Merkle tree |
| Integrity and availability | auditd (49 CIS L2 rules), AIDE daily file integrity check, AppArmor enforcing, CIS Ubuntu 24.04 L2 benchmark — 114 checks |
| Infrastructure hardening | Docker containers: read-only FS, no-new-privileges, cap_drop ALL, non-root user; HSTS max-age=63072000 |
| Vulnerability management | Independent security audit completed April 2026 — see audit report |
8. Personal data breach notification
PARAMANT will notify the Controller without undue delay, and in any case within 48 hours, after becoming aware of a personal data breach affecting data processed under this agreement. Notification will be sent to the email address provided in the signature form below and will include, to the extent available: the nature of the breach; categories and approximate number of data subjects and records affected; likely consequences; and measures taken or proposed to address the breach.
9. Audit rights
The Controller may request a compliance review, no more than once per calendar year, by providing at least 30 days’ written notice to privacy@paramant.app. PARAMANT will provide relevant documentation and, where applicable, access to system configurations. Physical on-site access requires prior agreement on scope, scheduling, and reasonable costs.
10. Liability
Liability of each party for breach of this agreement is governed by Article 82 GDPR. PARAMANT’s aggregate contractual liability is limited to the total fees paid by the Controller in the 12 months preceding the event giving rise to the claim, except in cases of wilful misconduct or gross negligence.
11. Term and termination
This agreement is effective from the date of signature and remains in force for the duration of the Controller’s service subscription. Upon termination, PARAMANT will delete all personal data within 30 days, except where retention is required by applicable law. The CT log (containing only hashed identifiers, no payload content) may be retained for audit and compliance purposes.
12. Governing law and jurisdiction
This agreement is governed by the law of the Federal Republic of Germany. Any dispute arising under or in connection with this agreement shall be subject to the exclusive jurisdiction of the courts of Germany.
Sign electronically
Enter your details below to sign this agreement. You will receive a countersigned copy by email immediately.