Legal

Data Processing Agreement

How Devopsflare LLC processes personal data on behalf of business clients using WaveProxy services.

Effective Date: February 28, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Devopsflare LLC (operating as WaveProxy, "Service Provider", "Processor", "we", "us") and the client business entity ("Client", "Controller", "you") using WaveProxy's proxy services.

This DPA applies where the Client, in using WaveProxy's datacenter proxy and/or residential proxy services, instructs WaveProxy to process personal data on the Client's behalf. Both parties agree to comply with applicable data protection law in connection with such processing.

For questions regarding this DPA, contact us at [email protected].

1. Definitions

For the purposes of this DPA:

  • "Applicable Data Protection Law" means all applicable legislation relating to data protection and privacy, including but not limited to the EU General Data Protection Regulation (GDPR) 2016/679, the UK GDPR, the California Consumer Privacy Act (CCPA), and any other applicable national or state data protection laws.
  • "Personal Data" means any information relating to an identified or identifiable natural person, as defined under Applicable Data Protection Law.
  • "Controller" means the entity that determines the purposes and means of processing Personal Data (the Client).
  • "Processor" means the entity that processes Personal Data on behalf of the Controller (Devopsflare LLC / WaveProxy).
  • "Processing" means any operation or set of operations performed on Personal Data, including collection, recording, storage, use, disclosure, or deletion.
  • "Data Subject" means the natural person to whom Personal Data relates.
  • "Sub-Processor" means any third-party processor engaged by WaveProxy to process Personal Data under this DPA.
  • "Security Incident" means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

2. Roles of the Parties

2.1 The Client acts as the Controller and WaveProxy (Devopsflare LLC) acts as the Processor in respect of Personal Data processed through the use of WaveProxy's proxy services.

2.2 In connection with the provision of proxy services (including routing of internet traffic through datacenter and residential proxy infrastructure), WaveProxy may process Personal Data such as source IP addresses, connection metadata, and bandwidth usage data on behalf of the Client.

2.3 WaveProxy also processes certain Client data (such as account information and payment data) in its capacity as an independent Controller, which is governed by the WaveProxy Privacy Policy available at https://www.waveproxy.com/privacy.

3. Details of Processing

3.1 Subject Matter: The processing of Personal Data through the use of WaveProxy's proxy routing infrastructure.

3.2 Duration: For the duration of the Client's active subscription and use of the Services, plus any retention period required by applicable law or this DPA.

3.3 Nature of Processing: Routing internet traffic through proxy servers; collection and temporary storage of connection logs including IP addresses, connection timestamps, and bandwidth data.

3.4 Purpose of Processing: Delivery of proxy services as subscribed by the Client; bandwidth monitoring; abuse prevention; compliance with legal obligations.

3.5 Types of Personal Data: IP addresses (source and destination), connection timestamps, data volumes, and related connection metadata.

3.6 Categories of Data Subjects: End users of the Client whose internet traffic is routed through WaveProxy's proxy infrastructure.

4. Processor Obligations

4.1 WaveProxy agrees to:

  • Process Personal Data only on the documented instructions of the Client, as set out in this DPA and the Terms of Service, unless otherwise required by applicable law.
  • Ensure that all personnel authorized to process Personal Data are bound by appropriate confidentiality obligations.
  • Implement and maintain appropriate technical and organizational security measures as described in Section 6 of this DPA.
  • Assist the Client in fulfilling its obligations to respond to Data Subject rights requests, to the extent reasonably practicable given the nature of the processing.
  • Notify the Client without undue delay upon becoming aware of a Security Incident affecting Personal Data processed under this DPA.
  • Delete or return all Personal Data to the Client upon termination of the Services, and delete existing copies, unless applicable law requires retention.
  • Make available to the Client all information reasonably necessary to demonstrate compliance with this DPA and cooperate with reasonable audits requested by the Client.

5. Client Obligations

5.1 The Client, as Controller, agrees to:

  • Ensure it has a lawful basis for instructing WaveProxy to process Personal Data, including obtaining necessary consents from Data Subjects where required.
  • Provide WaveProxy with lawful, accurate, and complete processing instructions.
  • Ensure that any Personal Data provided to WaveProxy for processing complies with Applicable Data Protection Law.
  • Promptly notify WaveProxy if instructions change or are believed to violate applicable law.

6. Security Measures

6.1 WaveProxy implements the following technical and organizational security measures to protect Personal Data:

  • Encryption in Transit: All data transmitted through WaveProxy's infrastructure is encrypted using SSL/TLS protocols.
  • Access Controls: Strict role-based access controls limit access to Personal Data to authorized personnel only.
  • Encrypted Storage: Sensitive data at rest is stored in encrypted form.
  • Security Monitoring: Continuous monitoring of systems for security threats and anomalies.
  • Incident Response: Documented procedures for responding to and reporting Security Incidents.
  • Data Minimization: Collection and retention of only the minimum Personal Data necessary for the stated purposes.
  • Log Retention & Deletion: Connection logs are retained for a maximum of 30 days, after which they are permanently deleted or anonymized.

6.2 WaveProxy regularly reviews and updates its security measures to address new and emerging threats.

7. Sub-Processors

7.1 The Client provides general authorization for WaveProxy to engage Sub-Processors in connection with the delivery of the Services.

7.2 WaveProxy's current Sub-Processors include the following categories of providers:

  • Cloud infrastructure and hosting providers (for server hosting and data center operations)
  • Payment processors: Stripe and PayPal (for payment processing only)
  • Monitoring and analytics tools (for service performance and security monitoring)

7.3 WaveProxy will ensure that any Sub-Processor is bound by data processing obligations no less protective than those in this DPA.

7.4 WaveProxy will notify the Client of any intended changes to Sub-Processors (additions or replacements) by updating this DPA or our Privacy Policy. The Client may object to such changes by contacting [email protected] within 14 days of notification.

8. International Data Transfers

8.1 WaveProxy is based in the United States (Wyoming) and may process Personal Data in, or transfer it to, countries outside the European Economic Area (EEA) or UK.

8.2 Where such transfers occur, WaveProxy will ensure appropriate safeguards are in place in accordance with Applicable Data Protection Law, including but not limited to:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission or UK Information Commissioner's Office.
  • Other transfer mechanisms recognized as providing an adequate level of protection under Applicable Data Protection Law.

8.3 The Client may request copies of applicable transfer mechanisms by contacting [email protected].

9. Data Subject Rights

9.1 Taking into account the nature of the processing, WaveProxy will reasonably assist the Client in fulfilling its obligations to respond to Data Subject rights requests under Applicable Data Protection Law (including rights of access, rectification, erasure, restriction, portability, and objection).

9.2 WaveProxy will promptly forward to the Client any Data Subject requests received that relate to Personal Data processed under this DPA.

9.3 The Client is responsible for responding to Data Subject requests in its capacity as Controller.

10. Security Incidents and Breach Notification

10.1 WaveProxy will notify the Client without undue delay (and in any event within 72 hours where feasible) upon becoming aware of a Security Incident involving Personal Data processed under this DPA.

10.2 Notification will include, to the extent available: a description of the nature of the Security Incident, the categories and approximate number of Data Subjects affected, the categories and approximate volume of Personal Data records concerned, likely consequences of the Security Incident, and measures taken or proposed to address the incident.

10.3 Security Incidents should be reported to the Client at the contact email address provided in the Client's account settings. Clients should report their primary contact email to [email protected].

11. Audit Rights

11.1 WaveProxy will make available to the Client all information reasonably necessary to demonstrate compliance with this DPA.

11.2 The Client may request an audit of WaveProxy's data processing practices no more than once per year, upon providing at least 30 days' prior written notice, at the Client's cost and subject to reasonable confidentiality obligations. In lieu of an on-site audit, WaveProxy may provide relevant certifications, security assessments, or third-party audit reports.

12. Data Retention and Deletion

12.1 Connection logs processed under this DPA are retained for a maximum of 30 days from the date of creation, after which they are permanently deleted or anonymized.

12.2 Upon termination of the Services, WaveProxy will, at the Client's choice, delete or return all Personal Data processed under this DPA within a reasonable timeframe, unless applicable law requires WaveProxy to retain the data for a longer period.

13. Term and Termination

13.1 This DPA is effective from the date the Client accepts the Terms of Service and remains in effect for the duration of the Services.

13.2 This DPA automatically terminates upon expiration or termination of the Terms of Service agreement between the parties.

13.3 Sections 6, 8, 10, and 12 survive termination of this DPA.

14. Governing Law

14.1 This DPA is governed by the laws of the State of Wyoming, USA, consistent with the Terms of Service, unless otherwise required by Applicable Data Protection Law (e.g., GDPR provisions may apply to EU data subjects regardless of governing law).

15. Contact Information

For all queries, notices, or requests regarding this DPA, please contact:

Devopsflare LLC (operating as WaveProxy)
State of Wyoming, USA
Email: [email protected]
Website: https://www.waveproxy.com