Patrii
🚀 Open Alpha - Start Building Today!

Our cloud platform is live and accepting new users. Sign up now and start deploying in minutes!

Access Cloud Console

Data Processing Agreement

Last Updated: July 24, 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Patrii Inc. ("Processor") and the Customer ("Controller") to reflect the parties' agreement regarding the Processing of Personal Data in compliance with applicable Canadian privacy laws.

1. Definitions

Personal Data:Any information relating to an identified or identifiable natural person
Processing:Any operation performed on Personal Data, including collection, use, storage, and deletion
Controller:The entity that determines the purposes and means of Processing Personal Data
Processor:The entity that Processes Personal Data on behalf of the Controller
Data Subject:The individual to whom Personal Data relates

2. Scope and Roles

This DPA applies to all Processing of Personal Data by Patrii as Processor on behalf of Customer as Controller. The parties acknowledge that:

  • Customer is the Controller of Personal Data
  • Patrii is the Processor acting on Customer's instructions
  • Processing is limited to Canadian data centers
  • This DPA covers all services provided under the Terms of Service

3. Data Processing

3.1 Purpose and Duration

Patrii shall Process Personal Data only for the purpose of providing the Services as described in the Terms of Service and for the duration of the Customer's use of the Services.

3.2 Customer Instructions

Patrii shall Process Personal Data only on documented instructions from Customer, unless required by law. Customer's use of the Services constitutes instructions for Processing.

4. Security Measures

Patrii implements and maintains appropriate technical and organizational measures to protect Personal Data, including:

Technical Measures

  • Encryption at rest and in transit
  • Access controls and authentication
  • Regular security assessments
  • Intrusion detection systems

Organizational Measures

  • Confidentiality agreements
  • Security training
  • Access on need-to-know basis
  • Incident response procedures

5. Sub-processors

Customer grants Patrii general authorization to engage Sub-processors, subject to:

Patrii will notify Customer of any intended changes concerning Sub-processors, giving Customer the opportunity to object. Current Sub-processors are listed at patrii.ca/legal/subprocessors

6. Data Subject Rights

Patrii shall assist Customer in fulfilling obligations to respond to Data Subject requests, including:

  • Access to Personal Data
  • Rectification or erasure
  • Data portability
  • Restriction of Processing
  • Objection to Processing

7. Data Breach Notification

Patrii shall notify Customer without undue delay upon becoming aware of a Personal Data breach.

Notification will include: nature of breach, categories of data affected, likely consequences, and measures taken or proposed.

8. Audit Rights

Patrii shall make available all information necessary to demonstrate compliance with this DPA and allow for audits by Customer or an authorized auditor, subject to reasonable notice and confidentiality requirements.

9. Data Return and Deletion

Upon termination of Services, Patrii shall, at Customer's choice, return all Personal Data or delete it, unless retention is required by law. Certification of deletion will be provided upon request.

10. Governing Law

This DPA is governed by the laws of the Province of Quebec and the federal laws of Canada applicable therein.

11. Contact Information

For questions about this DPA or data processing:

Data Protection Officer: dpo@patrii.ca

Privacy Team: privacy@patrii.ca