Goexa
Goexa Newsletter
SubscribeSign in

Last updated: 1 June 2026

Data Processing Agreement (DPA)

For business customers where Goexa processes personal data on your behalf as a processor under applicable data protection law (including GDPR Article 28).

This page summarizes our standard DPA terms. For a countersigned copy, contact dpa@oexa.org.

1. Roles

Customer is the data controller. Goexa (oexa.org operator) (Goexa) acts as data processor when providing the platform, hosting content, sending emails on your instructions, or running analytics integrations you enable.

2. Subject matter and duration

Processing is limited to operating the Goexa editorial platform, newsletter delivery, analytics connectors (e.g. Google Analytics / Search Console), and AI-assisted content workflows configured by authorized users. Processing continues for the term of your agreement and until deletion or return of data as described below.

3. Categories of data and data subjects

  • Contact data (names, business emails) of your team and subscribers you import
  • Content and metadata you upload (articles, images, prompts)
  • Technical logs (IP addresses, user agents) necessary for security and operations

4. Processor obligations

We will:

  • Process personal data only on documented instructions from the controller
  • Ensure personnel confidentiality
  • Implement appropriate technical and organizational measures (see our Security page)
  • Assist with data subject requests where feasible
  • Notify you without undue delay of personal data breaches affecting your data
  • Delete or return personal data at end of service, subject to legal retention

5. Subprocessors

We use vetted subprocessors (hosting, database, email, AI, analytics). An indicative list appears in our Privacy Policy. We will provide notice of material changes where required by law.

6. International transfers

Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, as applicable.

7. Audits

Upon reasonable written request, we will provide information necessary to demonstrate compliance, subject to confidentiality and frequency limits.

8. How to execute

Email dpa@oexa.org with your company name, billing contact, and processing description. We will send the current DPA annex for signature.

These pages are template drafts for review by qualified counsel before relying on them for compliance purposes.