Data Processing Agreement
For customers who need a DPA to cover personal data processed through AppMD.
Last updated July 4, 2026
Roles
Where AppMD processes personal data on your behalf, you act as the data controller and AppMD acts as the data processor. This DPA supplements our Terms of Service.
Scope of processing
We process personal data only to provide the service, in accordance with your documented instructions, for the duration of your subscription.
Subprocessors
We use vetted subprocessors (such as cloud hosting and payments) under written terms consistent with this DPA. A current list is available on request, and we provide notice of material changes.
Security measures
We maintain technical and organizational measures including encryption in transit and at rest, isolated processing sandboxes, access controls, and audit logging. See our Security page for details.
International transfers
Where personal data is transferred across regions, we rely on appropriate safeguards such as Standard Contractual Clauses.
Assistance and breach notification
We assist with data-subject requests and will notify you without undue delay after becoming aware of a personal-data breach affecting your data.
Request a signed copy
To execute a countersigned DPA, contact legal@appmd.dev.