Data Processing Agreement (DPA)

This DPA governs OTP Space's processing of end-user personal data on the Customer's behalf. It forms part of our Terms of Service.

1. Roles of the Parties

The Customer is the data controller of end-user data. OTP Space is the data processor, processing that data only to provide the Service and per the Customer's instructions.

2. Scope of Processing

The data processed covers end-user phone numbers and the related OTP codes, solely for the purpose of sending and verifying OTPs.

3. Security

We apply reasonable technical measures, including encryption of phone numbers at rest, storing OTP codes hashed, signed sessions, and restricted admin access.

4. Sub-processors

We may engage sub-processors (e.g. hosting/database providers and the WhatsApp delivery network) bound by equivalent confidentiality and security obligations.

5. Assistance & Incidents

We assist the Customer in honoring end-user rights where reasonably possible, and notify the Customer without undue delay of a data breach affecting their data.

6. Data Deletion

On termination, we delete or return end-user personal data on request, unless retention is required by law.

7. Contact

For DPA-related requests, contact [email protected].