Data Processing Agreement
Last updated: March 2026
Scope of processing
GPCGuard processes GPC signals on behalf of the site operator (the customer) to generate structured decision records. Processing includes: reading the Sec-GPC HTTP header and navigator.globalPrivacyControl value, validating the request against the guard chain, recording the decision outcome (hashed identifiers, signal type, action, edge PoP, policy version), and returning the policy response.
GPCGuard does not process end-user identity, plaintext PII, or financial data. Processing is limited to what is necessary to generate the decision telemetry described here.
Roles
The site operator remains responsible for the purposes and downstream handling of any end-user data implicated by GPC signals. For this workflow, GPCGuard acts as the customer's processor or service provider, depending on the applicable law and agreement, for the purpose of generating decision records from those signals. GPCGuard does not independently determine the purposes of the customer's downstream data use.
Security measures
GPCGuard implements tenant isolation via Row Level Security (RLS) at the database layer. Business data is accessible only via user JWT + RLS paths. Service-role credentials are restricted to authentication bootstrap and are never exposed to frontend code. Signal records are stored with hashed identifiers.
See the Security Overview and Architecture Commitments for the full technical posture.
Sub-processors
GPCGuard uses Supabase as its primary infrastructure sub-processor for database, auth, and edge function hosting. Sub-processor details are subject to change; material changes will be communicated to account holders.
Enterprise DPA
Enterprise customers requiring a custom MSA and DPA should contact us directly. Custom agreements are available for organizations with specific legal, retention, or compliance requirements.
DPA and data processing inquiries: support@gpcguard.app