This Data Processing Addendum (“DPA”) forms part of the Terms of Service (“Agreement”) between New Horizon Code PTY LTD (“ProxyGuard”, “Processor”) and the customer (“Customer”, “Controller”).
This DPA applies where ProxyGuard processes Personal Data on behalf of Customer in connection with the Service.
1. Definitions
For purposes of this DPA:
- Controller means the entity that determines the purposes and means of processing Personal Data.
- Processor means the entity that processes Personal Data on behalf of the Controller.
- Personal Data means any information relating to an identified or identifiable natural person.
- Processing means any operation performed on Personal Data, including transmission, routing, or storage.
- Applicable Data Protection Laws means all applicable privacy and data protection laws, including:
- EU General Data Protection Regulation (GDPR)
- UK GDPR
- Australian Privacy Act 1988
- and other applicable privacy laws
2. Roles of the Parties
Customer acts as the Controller of Personal Data processed through the Service.
ProxyGuard acts as a Processor, processing Personal Data solely on behalf of Customer.
ProxyGuard does not determine the purposes or means of processing Customer Personal Data. ProxyGuard processes Personal Data only as instructed by Customer and as necessary to provide the Service.
3. Nature and Purpose of Processing
ProxyGuard provides proxy infrastructure that forwards requests from Customer systems to third-party AI providers selected by Customer.
Processing activities include:
- Transmitting requests
- Authenticating access
- Providing operational metadata
- Providing usage tracking and analytics
- Maintaining service security and reliability
ProxyGuard does not use Personal Data for its own independent purposes. ProxyGuard does not sell Personal Data.
4. Details of Processing (GDPR Article 28(3))
The details of Personal Data processing under this DPA are as follows:
| Subject Matter | ProxyGuard proxy infrastructure and analytics service that forwards requests between Customer systems and third-party AI providers. |
| Nature of Processing | Transmission, routing, authentication, and operational processing of Customer-directed requests. |
| Purpose of Processing | To provide proxy functionality, authentication, usage tracking, analytics, security, and service reliability. |
| Duration of Processing | For the duration of the Customer's use of the Service and as required to fulfill operational and legal obligations. |
| Categories of Personal Data | Account information (such as email address), authentication identifiers, and operational metadata. ProxyGuard does not store AI prompts, responses, or generated content. |
| Categories of Data Subjects | Customer users, Customer personnel, and individuals whose data may be transmitted by Customer through the Service. |
| Processing Activities | Forwarding requests, authenticating access, generating usage metadata, enforcing safeguards, and maintaining system reliability. |
| Special Categories of Data | ProxyGuard does not intentionally collect or store special categories of Personal Data. Customers are responsible for lawful processing of any such data transmitted. |
5. No Storage of AI Prompts or Responses
ProxyGuard does not store or retain AI prompts, responses, or AI-generated content.
AI request and response content is processed transiently in memory solely to forward requests between Customer and Customer-selected providers. Such content is discarded immediately after transmission.
ProxyGuard stores only operational metadata necessary to provide the Service.
6. Customer Instructions
Customer instructs ProxyGuard to process Personal Data solely as necessary to provide the Service.
Customer is responsible for ensuring lawful processing of Personal Data. Customer represents that it has all necessary rights and permissions.
7. Confidentiality
ProxyGuard ensures that personnel authorized to process Personal Data are subject to confidentiality obligations.
Access to Personal Data is limited to personnel necessary to operate the Service.
8. Security Measures
ProxyGuard implements reasonable technical and organizational measures designed to protect Personal Data, including:
- Encryption in transit
- Access controls
- Authentication safeguards
- Infrastructure security
However, Customer acknowledges that no system can guarantee absolute security. ProxyGuard does not guarantee prevention of all unauthorized access, breaches, or failures.
9. Subprocessors
ProxyGuard may use subprocessors to provide infrastructure and operational services. ProxyGuard ensures subprocessors are subject to appropriate data protection obligations.
Current subprocessors include:
| Subprocessor | Purpose | Data Processed |
|---|---|---|
| Supabase | Database and authentication infrastructure | Account data, authentication data, operational metadata |
| Fly.io | Proxy infrastructure hosting | Request routing and operational metadata |
| Upstash / Redis | Rate limiting and operational caching | Authentication identifiers and operational metadata |
| Resend | Transactional email delivery | Email addresses and notification content |
| Loops | Email communications and waitlist management | Email addresses and communication data |
ProxyGuard may update subprocessors from time to time.
10. International Data Transfers
Customer acknowledges that Personal Data may be processed in countries outside Customer’s jurisdiction.
ProxyGuard implements reasonable safeguards designed to protect Personal Data during international transfers.
11. Data Subject Rights
ProxyGuard will provide reasonable assistance to Customer in responding to data subject requests, including:
- Access requests
- Correction requests
- Deletion requests
Customer remains responsible for responding to such requests.
12. Data Breach Notification
ProxyGuard will notify Customer without undue delay after becoming aware of a confirmed Personal Data breach affecting Customer Personal Data.
Notification will include available relevant information.
13. Data Retention and Deletion
ProxyGuard retains Personal Data only as necessary to provide the Service and comply with legal obligations.
Upon termination of the Service, Customer may request deletion of Customer Personal Data. Certain operational metadata may be retained as required for legal, security, or operational purposes.
14. Audit and Compliance
Customer may request reasonable information regarding ProxyGuard’s data protection practices.
ProxyGuard may satisfy audit requests through documentation, certifications, or written responses. ProxyGuard is not required to provide access to confidential infrastructure, systems, or proprietary information.
15. Customer Responsibilities
Customer is solely responsible for:
- Ensuring lawful processing of Personal Data
- Obtaining required consents
- Ensuring legal authority to transmit Personal Data
- Compliance with applicable data protection laws
ProxyGuard is not responsible for Customer compliance obligations.
16. Limitation of Liability
This DPA is subject to the liability limitations in the Terms of Service. ProxyGuard’s liability is limited as specified in the Agreement.
17. Governing Law
This DPA is governed by the laws of Queensland, Australia.