Last Updated: February 16, 2026
This Data Processing Addendum (“Addendum”) forms part of the Master Service Agreement or Terms of Service (the “Agreement”) between Mapcise.com Inc. (“Dagflux”) and the entity appearing in the Agreement (“Client”).
“Controller” means the Client, the entity that determines the purposes and means of the processing of Personal Data.
“Processor” means Dagflux, the entity that processes Personal Data on behalf of the Controller.
“Data” or “Personal Data” means any information relating to an identified or identifiable natural person processed by Dagflux via the ETL workflows.
“Processing” means any operation performed on the data, such as extraction, transformation, loading, and routing through APIs.
2.1 Roles: The parties acknowledge that for the purposes of the GDPR and similar data protection laws, Client is the Controller and Dagflux is the Processor.
2.2 Desktop Processing: Client acknowledges that when using the Dagflux Desktop Application for local ETL workflows, the data remains within the Client’s local environment. In such instances, Dagflux does not “process” the data on its servers, and Client is solely responsible for the security of that data.
2.3 Cloud Processing: When Client utilizes Dagflux Cloud Services, Dagflux processes data as instructed by the Client through the configured workflows and API connections.
Dagflux agrees to:
Process Data Only on Instructions: Process Personal Data only documented instructions from the Client (including the configurations set in the Dagflux workflow builder).
Confidentiality: Ensure that all persons authorized to process the Personal Data have committed themselves to confidentiality.
AI Safeguards: Ensure that no Client Data processed through ETL pipelines is used to train Dagflux’s global machine learning models without the Client’s explicit written consent.
Dagflux shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Encryption: Encryption of API credentials at rest (AES-256) and data in transit (TLS 1.2+).
Access Control: Strict identity and access management for internal employees.
Vulnerability Management: Regular security patching and monitoring of the ETL infrastructure.
5.1 Authorized Sub-processors: Client grants a general authorization to Dagflux to engage sub-processors (e.g., AWS, Google Cloud, Stripe) to provide the infrastructure for the Services.
5.2 Liability: Dagflux remains fully liable to the Client for the performance of the sub-processor’s obligations.
Dagflux shall, to the extent legally permitted, promptly notify Client if it receives a request from a Data Subject (the Client’s end users) to exercise their right of access, rectification, or deletion. Since Dagflux is a conduit (ETL), Dagflux will provide Client with the tools to delete stored credentials or metadata, but Client is responsible for managing data within their own source/destination APIs.
In the event of a confirmed Personal Data Breach within the Dagflux Cloud Platform, Dagflux shall:
Notify Client without undue delay (and in no event later than 72 hours).
Provide sufficient information to allow the Client to meet any obligations to report the breach to authorities or data subjects.
Upon termination of the Agreement, Dagflux shall, at the choice of the Client, delete or return all Personal Data (including API keys and workflow metadata) to the Client, unless applicable law requires storage of the Personal Data.
The total liability of either party under this Addendum shall be subject to the limitation of liability clauses set forth in the main Agreement (Terms of Service). Dagflux is not liable for data breaches occurring at the Source API or Destination API points managed by the Client.
