Rognix
Legal

Data Processing Addendum

Last updated: 2026-05-02

This Data Processing Addendum ("DPA") forms part of the agreement between you ("Customer," the data controller) and Rognix Labs ("Rognix," the data processor) for the processing of personal data subject to the GDPR, UK GDPR, and equivalent laws.

Customers on Business or Enterprise plans can request a counter-signed PDF copy by emailing legal@rognix.com.

1. Subject matter and duration

Rognix processes personal data on Customer's behalf as necessary to provide the infrastructure intelligence service for the duration of the agreement, plus any post-termination retention period required by law or explicitly agreed (max 30 days for soft retention).

2. Nature and purpose of processing

Hosting and analyzing infrastructure metrics, generating insights, delivering notifications, and providing access to the Rognix application interface.

3. Categories of data subjects

  • Customer's authorized employees, contractors, and team members using Rognix.
  • Personal data collected: name, email, IP address (login + agent connection), session metadata.

Rognix does not process Customer's end-user personal data through the agent, the collector reads only resource and health metrics. Any personal data appearing in metric labels is incidental.

4. Customer responsibilities

  • Customer is responsible for the lawful basis to collect and process the personal data submitted.
  • Customer must inform their team members that Rognix is used as a sub-processor.

5. Rognix obligations

  • Process personal data only on documented Customer instructions, including via the Rognix application.
  • Ensure persons authorized to process data are bound by confidentiality.
  • Implement appropriate technical and organizational measures (see Security).
  • Assist Customer in responding to data subject requests within 30 days of receiving a request.
  • Notify Customer of any personal data breach within 72 hours of becoming aware.
  • Make available all information necessary to demonstrate compliance, and allow audits with reasonable notice.

6. Sub-processors

Current sub-processors:

  • Stripe, Inc., payment processing.
  • Resend, Inc., transactional email.
  • Wasabi Technologies, encrypted backups.
  • Vultr, primary hosting (EU region).

We notify Customer at least 30 days in advance of adding or replacing sub-processors. Customer can object by terminating the agreement; otherwise the change takes effect on the announced date.

7. International transfers

Rognix relies on EU Standard Contractual Clauses for any data transfer outside the EEA. Backups are encrypted before leaving the primary region.

8. Deletion

Upon termination, Rognix deletes all Customer personal data within 30 days. Encrypted backups are purged on their normal retention schedule, after which the data becomes cryptographically inaccessible.

9. Liability

Liability under this DPA is governed by the limitations in the main Terms of Service.

10. Contact

Data Protection Officer: dpo@rognix.com.