Data Processing Agreement
The legally binding cryptographic and operational parameters governing EU data processing via GOZEN HOST infrastructure.
TL;DR: The Core Parameters
- Pre-Signed Addendum: If you deploy infrastructure with an EU billing address or deploy nodes within European datacenters, this DPA is automatically executed.
- Controller vs Processor: You remain the absolute Data Controller. GOZEN HOST acts strictly as the Data Processor managing the underlying computing hardware.
- Sub-Processor Audits: All sub-processors (Datacenter Technicians, DDoS Mitigation edges) are contractually bound by Standard Contractual Clauses (SCCs).
- Breach Notification: We guarantee a 48-hour automated notification window for confirmed hardware-level breaches exposing local non-encrypted drives.
1. Execution & Implementation Scope
This Data Processing Agreement ("DPA") modifies our core Terms of Service. By deploying compute instances or network block storage, by interacting with our API from an IP within the European Economic Area (EEA), or by storing data on data subjects originating from the EEA, you automatically execute this agreement. GOZEN HOST LLC acts strictly as the Data Processor. You, the client, operate as the ultimate Data Controller.
2. Processor Operational Obligations
As your infrastructure processor, our technical obligations are mathematically rigid:
- We shall process arbitrary customer data (your deployed payloads) only in accordance with your documented API or UI instructions.
- We will not mine, extract, or parse raw data strings sitting inside your NVMe arrays for internal algorithmic research or AI-modeling without explicit deployment parameters.
- Upon termination of your service, all block metadata and instance configs will be purged entirely from volatile memory and wiped from SSD sectors utilizing a zero-overwrite pass within 30 days.
3. Controller Responsibilities
As the Data Controller, you maintain absolute responsibility for the legality of the personal data you inject into our infrastructure. This includes:
- Securing valid, documented consent from your end-users before transmitting their PII endpoints to our servers.
- Configuring local server firewalls (e.g. UFW, iptables) and managing application-level encryption keys for data resting on your partitioned volumes.
4. Physical & Cryptographic Security
We implement extensive architectural safeguards to protect processor-handled data against unauthorized interception:
- Transit Security: API and Control Panel commands are forced through TLS 1.3 protocol pipelines.
- Physical Isolation: Datacenter cages maintain multi-factor biometric entry authentication, restricted exclusively to cleared Level 3 hardware administrators.
- Network Segmentation: Dedicated hypervisor management networks are completely segregated from public customer-facing VLANs via hardware boundary firewalls.
6. Breach Escalation Protocols
If our internal telemetry or external auditors confirm a catastrophic leak affecting the integrity of the underlying hypervisor clusters or storage nodes:
- We will formally notify all affected Data Controllers via their registered emergency administrative emails within 48 operational hours of verifying the leak.
- We will provide known hardware vectors, mitigation steps executed, and coordinate with EU Supervisory Authorities where mandated by law.
Execute a Custom DPA
If your enterprise corporate structure requires a physically signed, counter-executed version of this agreement, our legal operations team can facilitate a DocuSign transmission.