DOPE.SECURITY COVER LETTER TO DPA (DATA PROCESSING AGREEMENT)
LAST UPDATED 19 JULY 2024
Thank you for flying direct with dope.security. To assist in your compliance process, we've highlighted key components that will be detailed in our Data Processing Agreement (DPA):
1. dope.security is a multi-tenant cloud-native security-as-a-service provider. Our vision is to provide a first-class experience to all of our customers, whether you are small or big. You’re important to us. That’s why we’ve tried to be as transparent as possible, and ensure that legal/compliance information is readily available for you at https://dope.security/legal.
2. Privacy, alongside performance and reliability, is one of dope.security’s key value propositions. It’s one of the reasons we built our fly direct architecture—it ensures all data and Internet connections are inspected on your device and no data is ever sent to the cloud for decryption. There are no stopover data centers.
- USER, POLICY, & ANALYTICS: We store customer user information (device name, username/email, user groups, IP addresses) for administrators to configure policy and monitor endpoints. This is stored in an Active-Active multi-region global database to support failover, disaster recovery, and performance.
- SAFEZONE DATA INSPECTION: The dope.endpoint enforces policy and inspects all content with an on-device proxy—including SSL decryption. The output is analytics/reporting data records that include the user, URL, timestamp, size, and policy result. Customer web traffic never transits our cloud; it remains in the safezone of your endpoint.
- TRANSACTION RECORDS: Transaction records, used for analytics, are uploaded only to the region a customer chooses (over five choices available). The data is automatically deleted (time-to-live) after a maximum of 30 days (typically less). If a customer chooses, they can synchronize this analytics data to an Amazon S3 bucket they own for use in a SIEM and/or for retention purposes.
- CASB NEURAL (DLP & SSPM): If activated, dope.casb_neural will crawl your SaaS application and import metadata information to determine whether files are Public/External and if further processing should occur. If the file is deemed interesting, it will be downloaded, processed via a large language model, and deleted. File content is never stored. 3rd-party applications that have been authorized & related record data will also be imported for administrators to review.
3. Internally, we have prioritized important frameworks, namely: SOC-2 audits and regular penetration testing. If you’d like to review the documentation and evidence, please reach out to support@dope.security and we would be happy to help.
4. The DPA contains the contractual clauses to govern the use and transfer of personal data from the European Union to other countries.
5. We provide support services from the US, EU, and India to ensure 24x7 coverage.
This is the link to our DPA. Please follow the instructions inside the document to receive the signing link.
Thank you,
dope.security
NOTE: This cover letter may be updated from time to time.