Data Processing Agreement (DPA)

This Data Processing Agreement (DPA) is concluded pursuant to Art. 28 GDPR between the operator of this BotScope instance (Processor) and the registered customer (Controller).

§ 1 Subject Matter and Duration

The Processor processes personal data on behalf of the Controller for the purpose of providing the BotScope log analysis service. The agreement remains in force for the duration of the service contract.

§ 2 Type of Personal Data

Exclusively: IP addresses of bots/crawlers, request paths, HTTP methods, status codes, user-agent strings, timestamps. Personal data of human users is not processed.

§ 3 Instructions

The Processor processes data exclusively on documented instructions from the Controller (in particular through the upload of log files).

§ 4 Technical and Organisational Measures (Art. 32 GDPR)

• Encrypted transmission (HTTPS / TLS)
• Encrypted log storage
• Password hashing with bcrypt
• Role-based access control (Admin / User)
• Automatic deletion after 30 days

§ 5 Sub-Processors

The Processor will inform the Controller of any intended changes regarding the addition or replacement of sub-processors (e.g. Stripe for payments, hosting provider), giving the Controller the opportunity to object.

§ 6 Deletion

After termination of the contract, all data of the Controller will be deleted within 30 days.

§ 7 Audit Rights

The Controller has the right to audit compliance with this DPA.