1. Roles
Client is the Controller of Personal Data submitted to the services. Cendigo is the Processor and processes Personal Data only on documented instructions from the Controller.
2. Subject matter and duration
Processing covers the provision of managed website services for the duration of the subscription, plus any data export window.
3. Security measures
- TLS 1.2+ in transit; AES-256 at rest
- Role-based access and least privilege
- MFA required for admin accounts
- Audit logging across administrative operations
- Signed-upload workflows for client assets
- Regular backups with rotation policy
4. Sub-processors
Current sub-processors include hosting infrastructure, payments, transactional email, analytics, and error monitoring providers. The full list is available on request, and changes are notified per Section 7.
5. Data subject rights
Cendigo assists the Controller in responding to data subject requests within applicable timelines.
6. International transfers
Standard Contractual Clauses (EU/UK) apply to transfers outside adequacy regions, with supplementary measures as needed.
7. Sub-processor changes
Cendigo notifies Controllers of new sub-processors at least 14 days in advance and provides a reasonable objection window.
8. Audit rights
Controller may request audit information once per year; Cendigo will provide reports and answer reasonable questionnaires.
9. Return or deletion
Upon termination, Cendigo returns or deletes Personal Data within the timelines stated in the Cancellation Policy.