Hello there!
Need Help? We are right here!
Need Help? We are right here!
Thanks for your Enquiry.
If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com
Search Results:
×This data processing Addendum (“DPA”), forms part of, and is subject to Terms of Service, Privacy Policy, or other written or electronic terms of service or Service agreement including Non-Disclosure Agreement, User Agreement, etc. between Xecurify or its Affiliate that is party to such agreement (“Xecurify”) and the Customer defined thereunder, together with all Customer Affiliates who are signatories on an Order Form for their own Service pursuant to such Agreement (such agreement, the “Agreement”).
WHEREAS
(A) Customer acts as a Data Controller. Xecurify offers a suite of Software-as-Service (SaaS) applications, products and services provided as Xecurify-hosted or Self Hosted Services.
(B) Customer wishes to contract certain Services, which may include processing of Customer’s Personal Data to Xecurify.
(C) This Data Processing Addendum (the “DPA”) explains Xecurify’s privacy and security commitments and enables it to demonstrate compliance with applicable Privacy Laws.
(D) The parties agree to comply with the following provisions with respect to Personal Data, each acting reasonably and in good faith.
All capitalized terms not defined herein shall have the meaning set forth in the Agreement.
Customers shall, at all times Process Personal Data, and provide instructions for the Processing of Personal Data in compliance with the Data Privacy Laws. Customers shall ensure that its Instructions comply with all laws, rules and regulations applicable in relation to the Personal Data and that the Processing of Personal Data in accordance with Customer’s Instructions will not cause Xecurify to be in breach of the Data Privacy Laws. Customer is solely responsible for the accuracy, quality and legality of (i) Personal Data provided to Xecurify by or on behalf of Customer, (ii) the means by which Customer acquired any such personal Data, and (iii) the Instructions it provides to Xecurify regarding the Processing of such Personal Data. Customer shall not provide or make available to Xecurify any Personal Data in violation of the Agreement or which is otherwise inappropriate for the nature of the Service, and shall indemnify Xecurify from all claims and losses in connection therewith.
Xecurify shall Process Personal Data only (i) for purposes set forth in the Agreement, (ii) in accordance with the terms and conditions set forth in this DPA and any other documented Instructions provided by Customer, and (iii) in compliance with the Directive and the GDPR. Customer hereby instructs Xecurify to Process Personal Data in accordance with the foregoing and as part of any Processing initiated by Customer in its use of Service.
Customer may transfer Personal Data to Xecurify, the extent of which is determined in Customer’s sole discretion, and which may include Personal Data relating to: the following categories of Data Subjects: (i) the Customer's Authorized Individuals, employees, contractors or other Representatives, and (ii) Customer’s end users/customers.
The Personal Information Customer provides is used for such purposes as answering questions, improving the content of the website,customizing the content, and communicating with the Visitors about Xecurify’s Services, including releases. This information helps to categorize the question, track potential problems and trends and customize Xecurify’s support responses to better serve the Customer. Xecurify shall keep Personal Data confidential and shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Agreement and applicable Order Form(s); (ii) Processing initiated by Users in their use of the Service; and (iii) Processing to comply with other documented, reasonable instructions provided by Customer (for example, via email) where such instructions are consistent with the terms of the Agreement.
Xecurify shall not be required to comply with or observe Customer’s instructions if such instructions would violate the GDPR or other EU law or EU member state data protection provisions.
The subject-matter of the Processing of Personal Data by Xecurify is the performance of the Service pursuant to the Agreement, Identity and access management and related services pursuant to the Agreement. The duration of the Processing shall be for the Term of the Agreement. Personal Data within the Service post-termination of the Agreement will be retained and deleted in accordance with the Documentation. Sub-processors may only Process Personal Data as necessary for the performance of the Service pursuant to the Agreement and for the duration of the Agreement.
The Customer may transfer the following types of Personal Data for the purposes set out in this DPA:
To the extent legally permitted, Xecurify shall promptly notify Customer if Xecurify receives a request from a Data Subject to exercise the Data Subject's right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”). Factoring into account the nature of the Processing, Xecurify shall assist Customer by appropriate organizational and technical measures, in so far as this is possible, for the fulfillment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Service, does not have the ability to address a Data Subject Request, Xecurify shall, upon Customer’s request, provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent that Xecurify is legally authorized to do so, and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Xecurify’s provision of such assistance.
Xecurify shall use commercially reasonable measures to ensure the reliability and training of any employee, agent or contractor of any Authorized Employee or its personnel who may access the Personal Data. Xecurify shall ensure that Authorized Employees or its personnel are aware of the Confidential Information nature of the Personal Data and are bound by confidentiality agreements to Xecurify, during and after their engagement with Xecurify. Xecurify shall use commercial reasonable measures to limit access to Personal Data to only Authorized Individuals.
Customer acknowledges and agrees that (a) Xecurify’s Affiliates may be retained as Sub-processors; and (b) Xecurify and Xecurify’s Affiliates respectively may engage third-party Sub-processors in connection with the provision of the Service. Xecurify shall provide notification of a new Sub-processor(s) before authorizing any new Subprocessor(s) to process Personal Data in connection with the provision of the applicable Service.
Xecurify’s Subprocessor : Amazon Web Service(AWS)
In order to exercise its right to object to Xecurify’s use of a new Sub-processor, Customer shall notify Xecurify promptly in writing within ten (10) business days after receipt of Xecurify’s notice in accordance with the mechanism set out above. In the event Customer objects to a new Sub-processor, and that objection is not unreasonable, Xecurify will use reasonable efforts to make available to Customer a change in the Service or recommend a commercially-reasonable change to Customer’s configuration or use of the Service to avoid Processing of Personal Data by the objected-to new Subprocessor without unreasonably burdening the Customer. If Xecurify is unable to make available such change within a reasonable time period, which shall not exceed thirty (30) days, Customer may terminate the applicable Order Form(s) with respect only to those aspects of the Service which cannot be provided by Xecurify without the use of the objected-to new Sub-processor by providing written notice to Xecurify. Xecurify will refund Customer any prepaid fees covering the remainder of the term of such Order Form(s) following the effective date of termination with respect to such terminated Service.
Customer acknowledges and agrees that Xecurify may engage Sub-processors as described in this Section for the fulfillment of Xecurify’s obligations under Clause 9(a) of the Standard Contractual Clauses. The parties agree that the copies of the Sub-processor agreements that must be provided by Xecurify to Customer pursuant to Clause 9(c) of the Standard Contractual Clauses may have all commercial information, or clauses unrelated to the Standard Contractual Clauses or their equivalent, removed by Xecurify beforehand to protect business secrets or other confidential information; and, that such copies will be provided by Xecurify, in a manner to be determined in its discretion, only upon request by Customer.
Xecurify shall be liable for the acts and omissions of its Sub-processors to the same extent Xecurify would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Agreement.
Xecurify shall maintain appropriate organizational and technical measures for protection of the security (including protection against unauthorized or unlawful Processing, and against unlawful or accidental destruction, alteration or damage or loss, unauthorized disclosure of, or access to, Customer Data), confidentiality, and integrity of Customer Data. Xecurify regularly monitors compliance with these measures. Xecurify will not materially decrease the overall security of the Service during a subscription term.
Xecurify has in place reasonable and appropriate security incident management policies and procedures, and shall notify Customer without undue delay after becoming aware of the unlawful or accidental destruction, alteration or damage or loss, unauthorized disclosure of, or access to, Customer Data, including Personal Data, transmitted, stored or otherwise Processed by Xecurify or its Sub-processors of which Xecurify becomes aware (hereinafter, a “Customer Data Incident”). Xecurify shall make reasonable efforts to identify the cause of such Customer Data Incident, and take those steps as Xecurify deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident, to the extent that the remediation is within Xecurify’s reasonable control. The obligations set forth herein shall not apply to incidents that are caused by either Customer or Customer’s Users.
Xecurify shall return Customer Data to Customer and, to the extent allowed by applicable law, delete Customer Data, unless the retention of the data is requested from Xecurify according to mandatory statutory laws.
The parties agree that, by executing the DPA, the Customer enters into the DPA on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliate(s), thereby establishing a separate DPA between Xecurify and each such Authorized Affiliate, subject to the provisions of the Agreement. Each Authorized Affiliate agrees to be bound by the obligations under this DPA and, to the extent applicable, the Agreement. An Authorized Affiliate is not and does not become a party to the Agreement, and is only a party to the DPA. All access to and use of the Service by Authorized Affiliate(s) must comply with the terms and conditions of the Agreement and any violation thereof by an Authorized Affiliate shall be deemed a violation by Customer.
The Customer that is the contracting party shall be responsible for coordinating all communication with Xecurify under this DPA, and shall be entitled to transmit and receive any communication in relation to this DPA on behalf of its Authorized Affiliate(s).
Xecurify takes reasonable steps to ensure the reliability of its staff and any other person acting under its supervision who may come into contact with, or otherwise have access to and Process, Personal Data; ensure persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and ensure that such personnel are aware of their responsibilities under this Data Protection Addendum and any Data Protection Laws (or Company’s own written binding policies are at least as restrictive as this Data Protection Addendum).
The Standard Contractual Clauses apply to: (i) the legal entity that has executed the Standard Contractual Clauses as a data exporter and its Authorized Affiliates and, (ii) all Affiliates of Customer established within the European Economic Area, Switzerland and the United Kingdom, which have signed Order Forms for the Service. For the purpose of the Standard Contractual Clauses the aforementioned entities shall be deemed “data exporters.” If necessary to fulfill its legal obligations, Customer may share a copy of the attached Standard Contractual Clauses with Data Subjects.
Subject to the confidentiality obligations set forth in the Agreement, Xecurify performs internal security audits periodically, and upon the request from the customer, can make available the audit reports to the customer.. Customers can perform third party security audits through independent Third Party Auditors of their choice, charges and expenses for such audits shall be borne by the customer. Before the commencement of any such audit, Customer and Xecurify shall mutually agree upon the scope, timing, and duration of the audit.
The total liability of each of Customer and Xecurify (and their respective employees, directors, officers, affiliates, successors, and assigns), arising out of or related to this Agreement, whether in contract, tort, or other theory of liability, shall not, when taken together in the aggregate, exceed the limitation of liability set forth in the Agreement.
Claims from one party due to the other party’s non-compliance with this DPA shall be subject to the same limitations as in the Customer Use Agreement. In assessing whether the limitation is reached, claims under this Agreement and the Customer Use Agreement shall be viewed in conjunction, and the limitation in the Customer Use Agreement shall be viewed as a total limitation.
Last Updated Date: Aug 7th, 2025
This Data Processing Addendum (DPA) is between you (‘Customer’, ‘client’, ‘you’, the ‘Controller’) and Xecurify Inc. (DBA miniOrange Security Software Private Limited, referred to herein as ‘miniOrange’, ‘Xecurify’, the ‘Processor’ or ‘we’).
PLEASE READ THIS AGREEMENT BEFORE USING ANY XECURIFY SOFTWARE OR SERVICES. BY DOWNLOADING, INSTALLING, OR USING ANY XECURIFY SOFTWARE OR SERVICES, YOU (“the Customer”) SIGNIFY ACCEPTANCE OF AND AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT.
“Customer” or “you” agree to the terms of this Agreement. If you are entering into this Agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity and its Affiliates to this Agreement. If you do not have such authority, or if you do not agree with these terms and conditions, you must not accept this Agreement and may not use the Service. This Agreement is effective as of the date that you accept it.
Our primary goal is to have a secure connection between people and technology. miniOrange believes in creating products and services that are secure, resilient, and assured. This agreement will let you know all the security policies and measures taken to protect the personally Identifiable Information. We have implemented various security measures to protect all personal information in accordance with industry standards.
Please note that this data processing addendum applies to clients or customers or you who are using miniOrange Products or services to provide Cloud and in-house based Solutions. These solutions will particularly require personal information about you or your employees to provide you with appropriate security.
Provided, miniOrange processes this data as a Data Processor when instructed, and the personal data is provided by its clients or you (or their representatives) to process the personal information. miniOrange will not be responsible for the privacy of the customer's or your personal information that is not described in this privacy policy.
This section applies to how miniOrange collects personal information in the following ways.
1. You create an account or register with us, such as Name, email address, contact information, Company Name, and Designation.
2. When you contact our customer support, we collect information such as name, email address, and phone number to contact you back for resolving the queries. The Personal Information you provide is used for such purposes as answering questions, improving the content of the website, customizing the content, and communicating with the website visitors about miniOrange’s Services, including specials and new features. This information helps us to categorize the question, track potential problems and trends, and customize our support responses to better serves you.
3. When you use our services, we also collect device-specific information (e.g., mobile and desktop) from you in order to provide the Services. Device-specific information includes attributes (e.g., hardware model, operating system, web browser version, as well as unique device identifiers), connection information (e.g., name of your mobile operator or ISP, browser type, language and time zone, and mobile or phone number) ; and device locations (e.g. internet protocol addresses and Wi-Fi). This information is particularly useful for providing you with the services.
4. We send your agreement details, such as signature and payment details, and use third-party payment processing services to collect the payments. This information will include your billing address, billing name, and credit card details, in order to receive payment for some products and services.
5. We may use some third-party services to improve our functionalities. These services may require cookies, sessions, and metadata to be stored on our part. Cookies are stored in Xecurify’s browsers. Sessions are stored on our servers or in cookies. Metadata is stored on the servers of our third-party service providers (currently AWS), according to their policies, and data shall be duly encrypted. This type of data will allow us to understand what type of individuals are using our services, products, and websites.
6. We also have to collect the device data to understand the different types of users on different devices at different locations, which will allow us to improve our website, products, and services. These third-party service providers are only used to collect some limited information to improve our services, not to use or disclose for other purposes.
miniOrange uses AWS as a sub-processor for hosting the cloud solution. miniOrange cloud solution is hosted on AWS on the US Server located in North Virginia and the EU Server located in Stockholm, Sweden. Look at AWS EU data protection from here - https://aws.amazon.com/compliance/eu-data-protection/. miniOrange does not assign any other sub-processors unless required or authorized by the company.
In case of any change, modification, upgradation, addition, substitution, etc. in the sub-processors, all the change information is conveyed to the customer or you via a notification email. The Customer shall have the right to object in writing to any changes to the Controller’s or sub-processors within ten (10) business days following receipt of notice of such change. If you and miniOrange cannot mutually agree to a reasonable resolution to the Customer’s objection, either party may terminate the Agreement (including the service) upon written notice to the other party within thirty (30) days of the date of notification of the change.
miniOrange maintains and uses reasonable administrative, organizational, technical, and physical safeguards to protect your information from loss, destruction, misuse, unauthorized access, or disclosure, as required by the applicable Data Protection Laws. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g., your users).
Reference to “Data Protection Laws” under this Agreement shall include reference to the EU GDPR, the Digital Personal Data Protection Act 2023 (DADPA), and any other data protection law applicable to the processing of personal data under this Agreement.
We collect information under the direction of our customers and have no direct relationship with the individual Users/employees whose personal data we processes.We work with our customers to help them provide notice to their employees or individuals concerning the purpose for which personal information is collected. We collect information for our customers.
If an employee or representative of one of our customers no longer likes to use our service/s, they may do so by contacting us directly. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to the client or us. If the client’s Customer requests that we delete the data, we will respond to their request within 10 business days.
We will retain Personal Information we process on behalf of our customers for as long as needed to provide services to our customers, unless instructed otherwise by the customer or the owner of the personal data. We will retain and use this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, i.e. in accordance with the applicable Data Protection Laws.
We retain personal information we collect from you where we have an ongoing legitimate interest to do so (for example, to comply with applicable legal, tax, or accounting requirements, to enforce our agreements, or comply with our legal obligations).
When we have no ongoing legitimate interest need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing, until deletion is possible.
When processing Subscriber Data on behalf of our Subscribers, we will retain Subscriber Data for as long as the Subscriber instructs us to and/or as required by applicable law.
We notify you without undue delay and in any event within twenty-four (24 hours) of becoming aware of a Personal Data Breach affecting Personal Data. We will provide all available details and cooperate with you to investigate and respond to the breach, including assisting with any legal or regulatory notifications required under Data Protection Laws.
The Parties shall cooperate to promptly resolve any disputes or complaints arising under this Agreement, including any inquiries or complaints from Data Subjects or supervisory authorities. If resolution is not reached within thirty (10) days, either Party may pursue remedies in accordance with the US law and Wyoming jurisdiction provisions of this Agreement.
If you are an individual in the United Kingdom, the European Economic Area (EEA), or of another relevant jurisdiction, we collect and process information about you only where we have a legal basis for doing so under applicable laws. The legal bases depend on the products and services that your organization has purchased from Xecurify, how such products and services are used, and how you choose to interact and communicate with Xecurify’s websites, systems, and whether you attend Xecurify events. This means we collect and use your Personal Data only where:
The Customer (Data Controller) shall indemnify, defend, and hold harmless the Service Provider (Data Processor), its affiliates, officers, employees, and agents (“Indemnified Parties”) from and against all direct losses, claims, liabilities, damages, penalties, costs, and expenses (including reasonable legal fees) suffered or incurred by the Indemnified Parties, arising from or in connection with:
b. Exclusion of Indirect Losses
The Service Provider shall not be liable to the Customer, whether in contract, tort (including negligence), or otherwise, for any:
To the extent permitted by applicable law and except for liabilities that cannot be excluded or limited (as provided below), the total aggregate liability of the Service Provider under or in connection with this Data Processing Addendum (whether in contract, tort, negligence, breach of statutory duty, or otherwise) shall be limited to the total fees paid or payable by the Customer to the Service Provider under this DPA in the twelve (12) months immediately preceding the event giving rise to the liability.
(i) limit or exclude either Party’s liability for death or personal injury resulting from its own negligence;
(ii) limit or exclude liability for fraud or fraudulent misrepresentation;
(iii) limit or exclude any liability that cannot be limited or excluded under applicable law.
The Service Provider’s liability for a personal data breach (as defined under applicable Data Protection Laws) shall be limited as specified above unless such breach is directly and solely caused by the gross negligence or willful misconduct of the Service Provider.
This Agreement shall be effective from the date when it is accepted, after which date the terms of the MSA shall also become effective. This Agreement shall continue in effect throughout the duration of the MSA and until the MSA or the services are terminated, whichever occurs in the latest.
Upon the termination of this Agreement, all of the provisions of this Agreement shall cease to have effect, save that the following provisions of this Agreement shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 3, 7, and 10.
Except to the extent expressly provided otherwise in this Agreement, the termination of this Agreement shall not affect the accrued rights of either party.
Any notice from one party to the other party under this Agreement must be given by one of the following methods: (a) delivered personally; (b) sent by courier; (c) sent by recorded signed-for post; (d) sent by email; or (e) submitted using recipient party’s online contractual notification facility.
The parties’ contact details for notices shall be those under Clause 17, unless either one of the parties informs the other party otherwise (in writing).
The Standard Contractual Clauses (“SCCs”) apply to a) the legal entity that has executed the Standard Contractual Clauses as a data exporter and its Authorized Affiliates and, b) all Affiliates of Customers established within the European Economic Area, Switzerland, and the United Kingdom, which have signed Order Forms for the Service. For the Standard Contractual Clauses, the aforementioned entities shall be deemed “data exporters.” If necessary to fulfill its legal obligations, Customer may share a copy of the attached Standard Contractual Clauses with Data Subjects. The applicable version of the SCC’s shall be the version issued in 2021 by means of Commission Implementing Decision EU 2021/914.
These Terms and any dispute arising out of or related to these Terms shall be governed by the laws of the State of Wyoming, USA, without regard to its conflict of laws rules.
We will notify you when we change this Agreement. We may change this Agreement from time to time. If we make significant changes in the way we treat your personal information or to the Agreement, we will provide notice by posting on the Website or sending an email before the change becomes effective, unless such amendment is in accordance with law or mandated by the applicable supervisory authority for data protection. In the event that you disagree with the amendments to this Agreement, you may notify us accordingly and terminate use of the services.
If you would like to contact us with questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:
Email us at: info@Xecurify.com Or call us at +1 978 658 9387
Or you can fill out a form with your question/concern: https://www.miniorange.com/contact.
NOW, THEREFORE, THIS AGREEMENT WITNESSETH AND IT IS HEREBY AGREED BY AND BETWEEN THE PARTIES HERETO AS FOLLOWS:
Agreed To:
...................
Name: __________________
Title: __________________
Date: __________________
Agreed To:
Xecurify INC
1621 1621 Central Ave, Cheyenne, WY 82001
Name: __________________
Title: __________________
Date: __________________