Data Processing Agreement

This Data Processing Agreement ("DPA") is an addendum to the Terms of Service between AGG Labs ("Data Processor") and you ("Data Controller"). It applies to the extent that AGG Labs processes Personal Data on your behalf in the course of providing the AGG Loop service, subject to the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Roles and Scope of Processing

• Data Controller: You are the Controller of all payload data (L7 traffic) transmitted through the AGG Loop tunnels. You determine the purposes and means of processing this data.
• Data Processor: AGG Labs acts as the Processor. We process data strictly to provide the routing, tunneling, and firewall capabilities defined in our Terms of Service.
• Nature of Processing: Our processing is strictly limited to receiving encrypted network packets at our edge nodes and securely forwarding them to your authorized local daemon. We do not perform analytics on your payload content.

2. Technical and Organizational Measures (TOMs)

AGG Labs implements and maintains stringent Technical and Organizational Measures to ensure a level of security appropriate to the risk, including:

• Encryption: TLS 1.3 for all dashboard communications and AES-256 for data at rest (e.g., stored credentials, API tokens). Tunnel multiplexing is secured via modern cryptographic standards.
• Isolation: Kernel-level packet processing ensures strict multi-tenant isolation. Tunnels cannot intercept or route traffic meant for other workspaces.
• Access Controls: Infrastructure access is restricted to authorized AGG Labs engineers via multi-factor authentication (MFA) and Zero Trust gateways.

3. Sub-processors and Data Transfers

To provide global edge routing, we engage third-party infrastructure providers ("Sub-processors"). You grant AGG Labs general authorization to use Sub-processors such as Amazon Web Services (AWS), DigitalOcean, and Cloudflare.

International Transfers: Where the processing of Personal Data involves a transfer outside the European Economic Area (EEA), AGG Labs ensures that such transfers are governed by the Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms, guaranteeing an adequate level of data protection.

4. Incident Response & Breach Notification

If AGG Labs becomes aware of a confirmed security breach leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of your Personal Data on our infrastructure, we will notify you without undue delay (and in any event within 72 hours).

Important Exception: AGG Labs is not responsible for data breaches resulting from your exposed endpoints. If you route an unauthenticated database or vulnerable application through an AGG Loop tunnel, the resulting data loss is solely your responsibility as the Data Controller.

5. Deletion and Return of Data

Upon termination of your account or at your explicit request, AGG Labs will permanently delete all associated routing rules, edge certificates, API keys, and temporary telemetry logs from our active systems, unless further storage is strictly required by applicable law or active law enforcement investigations.

6. Audit Rights

Upon written request, AGG Labs will make available all information reasonably necessary to demonstrate compliance with this DPA. Audits shall be subject to strict confidentiality agreements and limited to verifying our Technical and Organizational Measures.