Legal

Data Processing Agreement

For customers who need a DPA to cover personal data processed through AppMD.

Last updated July 4, 2026

Roles

Where AppMD processes personal data on your behalf, you act as the data controller and AppMD acts as the data processor. This DPA supplements our Terms of Service.

Scope of processing

We process personal data only to provide the service, in accordance with your documented instructions, for the duration of your subscription.

Subprocessors

We use vetted subprocessors (such as cloud hosting and payments) under written terms consistent with this DPA. A current list is available on request, and we provide notice of material changes.

Security measures

We maintain technical and organizational measures including encryption in transit and at rest, isolated processing sandboxes, access controls, and audit logging. See our Security page for details.

International transfers

Where personal data is transferred across regions, we rely on appropriate safeguards such as Standard Contractual Clauses.

Assistance and breach notification

We assist with data-subject requests and will notify you without undue delay after becoming aware of a personal-data breach affecting your data.

Request a signed copy

To execute a countersigned DPA, contact legal@appmd.dev.