WrongPage

Data Processing Agreement

As of: 2026-04-19


When this DPA applies

If personal data relating to your end-users is processed through WrongPage on your behalf, this Data Processing Agreement forms part of the agreement between you (controller) and Karl Machleidt (processor) under Art. 28 GDPR.

Subject-matter and duration

Subject: operation of the WrongPage typosquatting-detection service. Duration: for as long as the service is provided to you.

Nature and purpose of processing

DNS enumeration, passive analysis of lookalike domains, screenshotting of public web pages, storage of scan configuration and results, transactional alerting.

Categories of data subjects and data

Subjects: your employees and administrators with accounts on WrongPage. Data: email address, authentication data, audit logs, scan configuration, billing metadata. No special categories under Art. 9 GDPR.

Sub-processors

Listed in the privacy policy. We will notify you of changes by email 30 days before they take effect, and you may object on reasonable data-protection grounds.

Technical and organisational measures (Art. 32)

  • TLS 1.2+ in transit, disk encryption at rest.
  • Argon2 password hashing; optional TOTP multi-factor authentication.
  • Role-based access control, least-privilege admin access, audit logs.
  • Secrets managed via environment variables and not logged.
  • Regular dependency updates and CI-enforced linting/typing.
  • Automated backups with documented retention.

International transfers

Primary processing in the EEA (Hetzner, Germany). Transfers to the US (Stripe, Postmark, Cloudflare controller operations) rely on Standard Contractual Clauses plus documented Transfer Impact Assessments.

Subject-rights assistance

We will assist you in responding to data-subject requests without undue delay. Our service already provides self-service export and deletion endpoints.

Breach notification

We will notify you without undue delay (and within 72 hours of becoming aware) of any personal-data breach affecting your data, with the information required under Art. 33(3) GDPR.

Request a signed copy

Email info@wrongpage.com with your legal entity name; we will return a counter-signed PDF within 5 business days.