SerpsBot
Get Started

Data Processing Agreement

Last updated: January 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between ProAPIs, Inc. ("Processor" or "we") and the customer ("Controller" or "you") for the use of SerpsBot services.

This DPA reflects the parties' agreement regarding the processing of personal data in accordance with the requirements of applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the California Consumer Privacy Act ("CCPA").

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, such as collection, recording, storage, retrieval, use, disclosure, or erasure.
  • "Data Subject" means an identified or identifiable natural person whose Personal Data is processed.
  • "Sub-processor" means any third party engaged by the Processor to process Personal Data on behalf of the Controller.

3. Scope and Purpose of Processing

The Processor shall process Personal Data only to provide the SerpsBot API services as described in the Terms of Service. Processing activities include:

  • Receiving and processing API requests containing search queries
  • Maintaining logs for service operation and security purposes
  • Processing account and billing information

4. Processor Obligations

The Processor agrees to:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure that persons authorized to process Personal Data have committed to confidentiality
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in responding to Data Subject requests
  • Notify the Controller without undue delay of any Personal Data breach
  • Delete or return all Personal Data upon termination of services, upon request
  • Make available information necessary to demonstrate compliance

5. Security Measures

The Processor implements the following security measures:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Incident response procedures
  • Employee security training

6. Sub-processors

The Controller provides general authorization for the Processor to engage Sub-processors. The Processor will:

  • Maintain a list of current Sub-processors available upon request
  • Notify the Controller of any intended changes to Sub-processors
  • Ensure Sub-processors are bound by data protection obligations

7. International Data Transfers

When Personal Data is transferred outside the European Economic Area, the Processor will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other legally recognized transfer mechanisms.

8. Data Subject Rights

The Processor will assist the Controller in fulfilling obligations to respond to Data Subject requests, including requests for access, rectification, erasure, restriction, portability, and objection to processing.

9. Data Breach Notification

In the event of a Personal Data breach, the Processor will notify the Controller without undue delay and no later than 48 hours after becoming aware of the breach. The notification will include:

  • Description of the nature of the breach
  • Categories and approximate number of Data Subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

10. Audit Rights

The Controller has the right to audit the Processor's compliance with this DPA. The Processor will provide reasonable cooperation for audits, subject to appropriate confidentiality obligations and reasonable advance notice.

11. Duration and Termination

This DPA remains in effect for the duration of the Processor's processing of Personal Data. Upon termination of services, the Processor will delete or return all Personal Data as instructed by the Controller, unless retention is required by law.

12. Contact Information

For questions or requests related to this DPA, contact:

ProAPIs, Inc.
Data Protection Contact
Email: support@serpsbot.com

For enterprise customers requiring a signed DPA, please contact us at the email above.