
Data Processing Agreement

The terms under which CorePath processes personal data on behalf of our customers.

Last updated January 12, 2026

01 Scope and roles

This Data Processing Agreement (DPA) forms part of the Terms of Service between CorePath ("Processor") and the customer ("Controller"). It applies whenever CorePath processes personal data on the Controller’s behalf.

02 Processing details

CorePath processes personal data only on documented instructions from the Controller, for the purpose of providing the platform — including QR codes, links, forms, invoices, PDFs, client portals, and analytics.

The nature and duration of processing, categories of data subjects, and types of personal data are described in the agreement and our Privacy Policy.

03 Confidentiality

Personnel authorized to process personal data are bound by confidentiality obligations and access data strictly on a need-to-know basis.

04 Security measures

CorePath implements appropriate technical and organizational measures to protect personal data, as described on our Security page, including encryption, access controls, and monitoring.

05 Subprocessors

The Controller authorizes CorePath to engage subprocessors that are bound by data-protection terms no less protective than this DPA. We maintain an up-to-date list and provide notice of changes.

06 Data subject requests & breach notification

CorePath assists the Controller in responding to data subject requests and notifies the Controller without undue delay upon becoming aware of a personal data breach.

07 Requesting a signed DPA

To execute a signed DPA for your organization, contact our team and we will provide a copy for signature.

Questions about this policy? Get in touch and our team will help.