Install on Chrome

Data Processing Addendum

For business customers · GDPR Article 28 · Effective 1 May 2026

This DPA applies to business customers who process personal data of their own end users through Zecuri. For individual users, the Privacy Policy governs. To execute a signed DPA, email [email protected].

1. Roles

Where you (the "Customer") use Zecuri to process personal data of your end users, you act as the data controller and LineSpotting AB acts as the data processor under GDPR Article 28. Because Zecuri is zero-knowledge, the personal data in your end users' vaults is encrypted such that LineSpotting AB cannot access it in plaintext.

2. Scope & nature of processing

Subject matter: provision of the Zecuri password-management and sync service. Duration: for the term of your agreement. Nature & purpose: storage and synchronization of end-to-end-encrypted vault blobs and signed sync metadata. Categories of data: encrypted credentials and account identifiers. Data subjects: your authorized end users.

3. Processor obligations

4. Subprocessors

The Customer authorizes LineSpotting AB to engage subprocessors listed at zecuri.com/subprocessors (currently Cloudflare for EU-resident infrastructure). We give at least 30 days' notice of new subprocessors and a right to object.

5. International transfers

All processing occurs within the EEA. If a transfer outside the EEA ever becomes necessary, it will be covered by Standard Contractual Clauses and documented before it occurs.

6. Security & breach notification

Technical measures are described on the Security page. LineSpotting AB notifies the Customer without undue delay, and within 72 hours of becoming aware, of a personal-data breach affecting the Customer's data.

7. Contact

To request or execute a signed DPA, email [email protected].

This page is a summary DPA for convenience. A signed agreement between the Customer and LineSpotting AB governs in case of conflict.