Data Processing Addendum (DPA)

Last updated: April 4, 2026

This page provides a working DPA summary/template for Nyoxis customers. It is a practical implementation draft and should be reviewed by legal counsel before contract execution.

1. Parties and Roles

• Customer: Data Controller (or Processor, depending on usage)
• Nyoxis: Data Processor for customer-submitted service data

2. Subject Matter and Duration

Nyoxis processes customer-submitted request telemetry and related metadata to provide threat analytics, request logging, and model-driven classification services.

Processing duration: for the term of the service agreement plus applicable retention/deletion windows.

3. Nature and Purpose of Processing

Processing includes:

• Ingestion of HTTP request data sent by customer integrations
• Sensitive-data redaction and normalization
• Generation/storage of request patterns for ML classification and training quality
• Session/reputation analytics for security operations

4. Categories of Data

Depending on customer usage, submitted data may include:

• Request content (headers, path, query, body)
• Network metadata (IP information)
• Device/client metadata (User-Agent, language headers)
• Account and operational metadata

Nyoxis sanitization attempts to replace sensitive fields with <redacted> where supported.

5. Data Subject Categories

May include customers' end users, administrators, developers, and other users whose request metadata appears in submitted traffic.

6. Subprocessors

Nyoxis uses subprocessors listed on Subprocessors. Nyoxis will maintain this list and update it when material changes occur.

7. Security Measures

Nyoxis applies technical and organizational measures including access controls, redaction workflows, and operational monitoring.

8. Data Subject Requests

Nyoxis will provide reasonable assistance to customers responding to data-subject requests, considering processing nature and available information.

9. International Transfers

Where personal data is transferred internationally, parties will implement legally required transfer safeguards.

10. Deletion and Return

Upon termination or customer request (subject to legal/operational constraints), Nyoxis will delete or return personal data processed under the agreement.

Current baseline retention summary:

• Request logs: up to 60 days (plan dependent)
• Normalized request patterns: may be retained indefinitely for ML quality/training unless contractual terms require otherwise

11. Audit and Information Rights

Nyoxis will provide reasonable information necessary to demonstrate compliance, subject to confidentiality and security restrictions.

12. Contact

For DPA execution or questions: [email protected]