Data Processing Agreement (DPA)

Last Updated: October 2, 2025

This Data Processing Agreement (“DPA”) forms part of the Terms & Conditions and Privacy Policy between 1760.io (“Processor”) and its clients (“Controller”). It outlines how personal data is collected, processed, and protected under applicable data protection laws, including the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR) where applicable.

1. Purpose

This DPA governs the processing of personal data provided by the Controller to 1760.io in connection with services including web development, automation, design, consulting, and digital education.

2. Definitions

  • “Personal Data” means any information that can identify an individual directly or indirectly.

  • “Processing” means any operation performed on personal data, such as collection, storage, use, or transfer.

  • “Controller” determines the purpose and means of processing.

  • “Processor” processes data on behalf of the Controller.

3. Data Processing Obligations

1760.io shall:

  • Process data only as instructed by the Controller

  • Use data solely for agreed-upon business purposes

  • Maintain confidentiality and restrict access to authorized personnel

  • Implement appropriate technical and organizational security measures

  • Notify the Controller promptly of any data breach

4. Subprocessors

1760.io may engage trusted third-party vendors (e.g., hosting, analytics, or communication tools) to process data on its behalf. A current list of subprocessors is available upon request.
All subprocessors are bound by confidentiality and data protection obligations consistent with this DPA.

5. International Data Transfers

If data is transferred outside the U.S. or the European Economic Area, such transfers will comply with applicable data protection standards, including standard contractual clauses or equivalent safeguards.

6. Data Retention

Personal data will be retained only as long as necessary to fulfill service obligations or legal requirements. Upon termination of the service, 1760.io will delete or return personal data upon written request, unless retention is required by law.

7. Security Measures

1760.io employs administrative, technical, and physical safeguards such as:

  • Encrypted communication (SSL/TLS)

  • Restricted access controls

  • Regular software and infrastructure updates

  • Secure third-party hosting environments

8. Breach Notification

In the event of a confirmed data breach, 1760.io will notify the Controller within a reasonable timeframe, detailing the nature of the breach, affected data, and corrective actions taken.

9. Data Subject Rights

1760.io will assist the Controller in fulfilling requests from individuals exercising their data rights (access, correction, deletion, or restriction) under applicable law.

10. Liability and Indemnity

Each party is responsible for compliance with applicable data protection laws. The Controller shall indemnify 1760.io for claims arising from data misuse not caused by the Processor’s negligence or noncompliance.

11. Term and Termination

This DPA remains in effect for the duration of any service engagement. Upon termination, 1760.io will either delete or return all personal data, unless otherwise required by law.

12. Contact

For data protection inquiries, contact:
📧 privacy@1760.io
🌐 www.1760.io