Data Processing Agreement

Last updated 1 July 2026

When we operate your infrastructure, we may process personal data on your behalf. This summary sets out how we approach that responsibility; a full, signed Data Processing Agreement forms part of every managed-service engagement.

Roles

For data we process in delivering our services, you are the data controller and Hostoza is a data processor. We process personal data only on your documented instructions and to deliver the agreed services.

Security & confidentiality

We apply appropriate technical and organisational measures — least-privilege access, multi-factor authentication, encryption and secrets management — and our personnel are bound by confidentiality. See our security posture.

Sub-processors

Where we use sub-processors (for example, the cloud or backup providers you have chosen), we maintain a current list and impose equivalent data-protection obligations on them. You can request the list at any time.

Your rights & data return

We assist you in responding to data-subject requests, and on termination we return or delete personal data as you instruct. You own your data and documentation throughout — there is no lock-in.

This is a plain-English summary. The binding DPA is a separate signed document and should be prepared and reviewed by a qualified adviser, with a current sub-processor list, before launch.