DOPE.SECURITY COVER LETTER TO DPA (DATA PROCESSING AGREEMENT)
Thank you for flying direct with dope.security. To assist in your compliance process, we wanted to highlight key components that will be detailed in our Data Processing Agreement (DPA):
1. dope.security is a multi-tenant cloud-native security-as-a-service provider. Our vision is to provide a first-class experience to all of our customers, whether you are small or big. You’re important to us. That’s why we’ve tried to be as transparent as possible, and ensure that legal/compliance information is readily available for you at https://dope.security/legal.
2. Privacy, alongside performance and reliability, is one of dope.security’s key value propositions. It’s one of the reasons we built our fly direct architecture — it ensures all data and Internet connections are inspected on your device and no data is ever sent to the cloud for decryption. There are no stopover datacenters.
- USER, POLICY, & ANALYTICS: We store customer user information (device name, username/email, user groups, IP addresses) for administrators to configure policy and monitor endpoints. This is stored in an Active-Active multi-region global database to support failover, disaster recovery, and performance.
- SAFEZONE DATA INSPECTION: The dope.endpoint enforces policy and inspects all content with an on-device proxy — including SSL decryption. The output is analytics/reporting data records that include the user, URL, timestamp, size, policy result. Customer web traffic never transits our cloud, it remains in the safezone of your endpoint.
- TRANSACTION RECORDS: Transaction records, used for analytics, are uploaded only to the region a customer chooses (over five choices available). The data is automatically deleted (time-to-live) with a maximum of 30 days (typically less). If a customer chooses, they can synchronize this analytics data to an Amazon S3 bucket they own for use in a SIEM and/or retention purposes.
3. Internally, we have prioritized important frameworks, namely: SOC-2 audits and regular penetration testing. If you’d like to review the documentation and evidence, please reach out to email@example.com and we would be happy to help.
4. The DPA contains the contractual clauses to govern the use and transfer of personal data from the European Union to other countries.
5. We provide support services from the US, EU, and India to ensure 24x7 coverage.
This is the link to our DPA. Please follow the instructions inside the document to receive the signing link.
NOTE: This cover letter may be updated from time to time.