Data Processing Agreement (DPA)

Effective date: March 19, 2026  ·  Last updated: March 19, 2026

This Data Processing Agreement ("DPA") applies to Uptivus services provided by Fluenik, LLC ("Processor") where a customer acts as a controller and Fluenik, LLC processes Customer Personal Data on the customer's behalf under applicable data protection laws (including GDPR and UK GDPR).

Download a copy: Uptivus DPA (.md).

1. Scope and Order of Precedence

This DPA is incorporated into the Uptivus Terms and governs the processing of Customer Personal Data by Fluenik, LLC while providing Uptivus services. If there is a conflict between this DPA and the commercial terms, this DPA controls for data protection matters.

2. Roles

• Customer is the controller (or processor acting on behalf of its controller).
• Fluenik, LLC is the processor.
• Customer determines the purposes and means of processing for data submitted to Uptivus, including monitor configuration and incident information.

3. Subject Matter and Duration

• Subject matter: operation of Uptivus uptime monitoring platform, alerting workflows, status pages, and related support.
• Duration: for the term of the customer agreement, plus limited retention and deletion windows described in Uptivus documentation and privacy policy.
• Nature: collection, organization, storage, retrieval, consultation, transmission, and deletion of Customer Personal Data.
• Purpose: provide monitoring, alerting, incident analysis, AI-assisted insights, and related security and support operations.

4. Categories of Data and Data Subjects

Depending on customer configuration, Customer Personal Data may include:

• Account data (name, email, profile information).
• Authentication data (hashed password and session tokens).
• Monitor and endpoint configuration metadata.
• Incident and availability history data.
• Technical and usage data (IP address, browser metadata, timestamps, event logs).
• Customer support and communication records.

Data subjects may include customer personnel and customer end users.

5. Processor Obligations

• Process Customer Personal Data only on documented instructions from Customer.
• Not use Customer Personal Data to train our own generalized AI or machine learning models.
• Ensure personnel with access are bound by confidentiality obligations.
• Implement appropriate technical and organizational safeguards, including encryption in transit, access controls, and security monitoring.
• Assist Customer with data subject requests and regulatory obligations to the extent required by applicable law.
• Notify Customer without undue delay after becoming aware of a confirmed personal data breach affecting Customer Personal Data.
• Delete or return Customer Personal Data at end of services, except where retention is required by law.

6. Subprocessors

Customer authorizes the subprocessors listed at /subprocessors. Fluenik, LLC remains responsible for subprocessors to the extent required by applicable law.

7. International Data Transfers

Uptivus infrastructure is primarily hosted in the United States. Customer Personal Data may be transferred to the U.S. or other countries where subprocessors operate.

Where required, transfer mechanisms include adequacy decisions, the EU-U.S. Data Privacy Framework (and UK/Swiss extensions where applicable), and/or Standard Contractual Clauses (including required UK/Swiss transfer addenda and supplementary measures).

8. Audit and Information Rights

Upon reasonable written request, Fluenik, LLC will provide information reasonably necessary to demonstrate compliance with this DPA, taking into account confidentiality, security, and proportionality requirements.

9. Liability

Liability under this DPA is subject to the liability framework and limitations in the applicable customer agreement, except where prohibited by law.

10. Contact

Privacy and DPA requests: [email protected]