Data Processing Addendum
Instructions
Doxus processes customer personal data according to customer instructions expressed through workspace settings, connected services, submitted content, and support requests.
Confidentiality
People with authorised access to customer data are expected to handle it under confidentiality duties or equivalent access rules.
Security
Technical and organisational measures are described in the security overview, including access controls, encryption posture, secret management, and incident response.
Subprocessors
Doxus uses subprocessors to host, secure, monitor, authenticate, deliver, and process the service. The public list states current review status.
Rights assistance
Doxus will help customers respond to applicable rights requests where the relevant data is processed through the service and reasonable information is available.
Breach assistance
Doxus will provide reasonable information about confirmed personal data incidents affecting customer data where required by applicable law and contract terms.
DPIA assistance
Doxus will provide available information about service processing to support customer assessment requests where reasonable.
Deletion and return
Deletion and return handling depends on customer instructions, workspace controls, backups, audit needs, and legal obligations.
Audit information
Doxus may provide available security and processing information reasonably needed to assess the service, subject to confidentiality and operational limits.
International transfers
International transfers rely on UK-EU adequacy where it applies and on standard contractual clauses where it does not. The subprocessor list states each provider's region.