Skip to content
AppHaven.

DPA

Data processing agreement.

Last updated: 5 May 2026

When you run an app on AppHaven, you are the data controller for the personal data your application processes, and AppHaven acts as your data processor. This page summarises the data processing agreement that governs that relationship under Article 28 of the GDPR. The full signed text forms part of every customer contract.

Status

AppHaven is in private beta. During the beta period the list of authorised sub-processors and the technical and organisational measures may change more frequently. Beta customers receive the current draft as part of their onboarding.

Scope

The DPA covers the personal data that you, as the controller, instruct AppHaven to process when you deploy and run an application on the platform. The subject matter, duration, nature, and purpose of the processing are set by your use of the service. The categories of personal data and data subjects are determined by your application.

Our commitments as processor

Under the DPA, AppHaven:

  • Processes personal data only on your documented instructions, except where required by law.
  • Ensures that everyone authorised to process the data is bound by an obligation of confidentiality.
  • Implements appropriate technical and organisational measures to protect the data, including encryption in transit and at rest, access controls, and continuous backups.
  • Notifies you without undue delay after becoming aware of a personal data breach affecting your data.
  • At your choice, returns or deletes your personal data at the end of the engagement, except where storage is required by law.
  • Makes available the information necessary to demonstrate compliance and allows for and contributes to audits.

Sub-processors

AppHaven may engage sub-processors to deliver the service. Each sub-processor is bound by a written agreement that imposes the same data protection obligations as those set out in our DPA with you. The current list of authorised sub-processors is maintained in an appendix to the DPA, and we notify customers in advance of any intended additions or replacements.

International transfers

AppHaven hosts customer data inside the European Union and operates from the EU. We do not transfer customer personal data outside the EU/EEA.