ReguScan|AI Compliance InfrastructureReturn to Dashboard

Data Processing Agreement

Last Updated: February 26, 2026

1. Introduction

This Data Processing Agreement ("DPA") is entered into between ReguScan Compliance Solutions ("Processor") and the user ("Controller") to comply with data protection obligations under applicable privacy laws, including the California Consumer Privacy Act (CCPA) and other relevant regulations.

This DPA supplements the Terms of Service and governs the processing of personal data by ReguScan on behalf of users.

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
  • "Controller" means the natural or legal person who determines the purposes and means of processing Personal Data.
  • "Processor" means the natural or legal person who processes Personal Data on behalf of the Controller.

3. Processing of Personal Data

3.1 Scope and Purpose

ReguScan will process Personal Data only for the purpose of providing compliance scanning services as described in the Terms of Service. We will not process Personal Data for any other purpose without your prior written consent.

3.2 Types of Personal Data Processed

  • Contact information (email address)
  • Payment information (processed through Stripe)
  • Website URLs submitted for scanning
  • IP addresses and usage data

4. Data Security Measures

ReguScan implements the following technical and organizational security measures:

  • 256-bit SSL/TLS encryption for data in transit
  • Secure data centers with restricted access
  • Regular security assessments and penetration testing
  • Employee training on data protection practices
  • Incident response procedures

5. Subprocessors

ReguScan may engage subprocessors to assist in providing our services. Currently, we use the following subprocessors:

  • Stripe, Inc. - Payment processing
  • Vercel, Inc. - Hosting and infrastructure

6. Data Subject Rights

ReguScan will assist the Controller in responding to data subject requests, including:

  • Access to Personal Data
  • Correction of inaccurate Personal Data
  • Deletion of Personal Data
  • Restriction of Processing
  • Data Portability

7. Data Breach Notification

In the event of a data breach affecting Personal Data, ReguScan will notify the Controller without undue delay and no later than 72 hours after becoming aware of the breach. We will provide all reasonable assistance to help the Controller meet its notification obligations.

8. Contact Information

For questions about this Data Processing Agreement, please contact:

Menifee, California
doomraidr0@gmail.com