🚀 We are live on Product Hunt Check out →
🚀 Campaign Extended till 24-11-2025, grab your early Black Friday Deal now
Try for free

DATA PROCESSING AGREEMENT (DPA)

DATA PROCESSING AGREEMENT (DPA)

Effective Date: 2026

Operated by
HOODS HUB PRIVATE LIMITED
Chennai, Tamil Nadu, India

This Data Processing Agreement (“DPA”) forms part of the WhitePanther™ Master Terms of Service (“Agreement”) between:

HOODS HUB PRIVATE LIMITED
(“WhitePanther”, “Processor”)

and

The entity using the WhitePanther™ platform
(“Customer”, “Controller”).

  1. PURPOSE & SCOPE

This DPA governs the Processing of Personal Data by WhitePanther on behalf of the Customer in connection with the WhitePanther™ platform.

This DPA applies where WhitePanther acts as a Data Processor under:

  • The General Data Protection Regulation (GDPR), where applicable
  • Applicable Indian data protection laws
  • Other relevant data protection regulations

This DPA applies only to Personal Data processed by WhitePanther in its role as Processor.

  1. DEFINITIONS

For purposes of this DPA:

  • Personal Data means any information relating to an identified or identifiable natural person.
  • Processing means any operation performed on Personal Data.
  • Controller means the entity determining the purposes and means of Processing.
  • Processor means the entity Processing Personal Data on behalf of the Controller.
  • Sub-Processor means a third party engaged by the Processor to Process Personal Data.
  • Cloud Provider Data means email or file content stored directly within third-party cloud accounts (e.g., Gmail, Google Drive) that is not stored by WhitePanther.
  1. ROLES OF THE PARTIES

3.1 Customer as Controller

The Customer acts as Data Controller for:

  • Email content
  • Marketing contact lists
  • Screen recording metadata
  • Time logs
  • Payment-related metadata
  • Any Personal Data uploaded to or generated through the platform

The Customer is responsible for:

  • Determining lawful basis for Processing
  • Providing required notices
  • Ensuring data accuracy
  • Ensuring lawful use of the platform

3.2 WhitePanther as Processor

WhitePanther shall:

  • Process Personal Data only on documented instructions from the Customer
  • Process data solely to provide the services under the Agreement
  • Not sell, rent, or resell Personal Data
  • Not use Customer Personal Data for advertising
  • Not use Gmail or cloud-provider content for AI model training

WhitePanther does not determine the purposes of Customer data Processing.

  1. CLOUD PROVIDER DATA ARCHITECTURE

WhitePanther integrates with third-party providers, including:

  • Google LLC (Gmail, Drive integrations)
  • Razorpay Software Private Limited
  • PhonePe Private Limited

Important Clarification:

  • Email bodies and attachments remain within the Customer’s Gmail account.
  • Files remain stored in the Customer’s Google Drive.
  • WhitePanther does not store copies of such content.
  • WhitePanther maintains only encrypted metadata references where necessary for workflow continuity.

Cloud Provider Data remains under the Customer’s control and subject to the provider’s security framework.

  1. SUBJECT MATTER, DURATION & NATURE OF PROCESSING

Processing occurs:

  • For the duration of the Agreement
  • Until termination and expiration of retention obligations

Nature of Processing includes:

  • Account administration
  • Email drafting support
  • Marketing campaign orchestration
  • Screen recording facilitation (stored in Customer-controlled storage)
  • Manual time tracking
  • Subscription billing integration
  • Platform support and analytics

Processing is limited to what is necessary to provide services.

  1. TYPES OF PERSONAL DATA

May include:

  • Names
  • Email addresses
  • Phone numbers
  • Organization details
  • Billing information
  • Transaction identifiers
  • IP addresses
  • Usage logs
  • User-generated content

WhitePanther does not intentionally Process special categories of data unless explicitly provided by the Customer.

  1. CONFIDENTIALITY

WhitePanther ensures that:

  • Personnel authorized to process Personal Data are bound by confidentiality obligations.
  • Access is restricted on a need-to-know basis.
  • Administrative access is monitored and controlled.
  1. TECHNICAL & ORGANIZATIONAL SECURITY MEASURES

WhitePanther maintains an Information Security Management System (ISMS) aligned with ISO/IEC 27001 principles.

Security measures include:

  • Encryption in transit (TLS)
  • Encryption at rest
  • Role-Based Access Control (RBAC)
  • Secure authentication and token management
  • Logging and audit trail mechanisms
  • Environment segregation (development, staging, production)
  • Secure development lifecycle practices
  • Risk assessment and mitigation procedures
  • Incident response procedures

Payment security includes tokenization handled by regulated payment processors.
WhitePanther does not store CVV or full card numbers.

  1. SUB-PROCESSORS

Customer provides general authorization for WhitePanther to engage Sub-Processors.

WhitePanther shall:

  • Enter into appropriate contractual safeguards with Sub-Processors
  • Impose data protection obligations consistent with this DPA
  • Remain responsible for Sub-Processor compliance

A Sub-Processor list is maintained and available upon request.

  1. INTERNATIONAL DATA TRANSFERS

Where Personal Data is transferred outside the Customer’s jurisdiction:

  • Appropriate safeguards shall be implemented
  • Contractual protections shall apply
  • Transfers shall align with GDPR principles where applicable

Cloud-provider-hosted data remains governed by the respective provider’s transfer framework.

  1. DATA SUBJECT RIGHTS

WhitePanther shall reasonably assist the Customer in fulfilling obligations related to:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Objection

The Customer remains responsible for responding to Data Subject requests.

  1. PERSONAL DATA BREACH

In the event of a confirmed Personal Data breach affecting Customer-managed data stored within WhitePanther systems:

WhitePanther shall:

  • Notify the Customer without undue delay
  • Provide available details
  • Cooperate in remediation efforts

WhitePanther is not responsible for breaches caused by:

  • Customer misconfiguration
  • Cloud provider infrastructure failures
  • Compromised user credentials
  • Third-party systems outside WhitePanther’s control
  1. AUDIT & INFORMATION RIGHTS

Upon reasonable written request:

  • WhitePanther may provide information regarding its security practices.
  • Security summaries or certifications may be shared.

WhitePanther is not required to disclose confidential internal security documentation or allow unrestricted on-site audits unless legally required.

  1. DATA RETENTION, DELETION & RETURN

Upon termination:

  • Customer may request export of Personal Data stored within WhitePanther systems.
  • WhitePanther shall delete or anonymize Personal Data after applicable retention periods.
  • Encrypted backups may temporarily retain data for disaster recovery purposes.

Cloud-provider-hosted data must be managed directly by the Customer.

  1. LIMITATION OF LIABILITY

Liability under this DPA is subject to the limitations and exclusions set forth in the Master Terms of Service.

  1. GOVERNING LAW & JURISDICTION

This DPA is governed by the laws of India.

Jurisdiction: Courts of Chennai, Tamil Nadu.

  1. CONTACT

For data protection or compliance inquiries:

customersupport@whitepanther.email

HOODS HUB PRIVATE LIMITED
Chennai, Tamil Nadu, India

Sign Up for Newsletter

About

WhitePanther™ empowers modern organizations with a unified, AI-powered operations system that connects communication, revenue, and workflows — delivering stronger operational control and financial visibility within a secure, compliance-ready environment.

Built and operated by HOODS HUB PRIVATE LIMITED.

Product

SECURITY

LEGAL

COMPLIANCE

PRIVACY & DATA

COMPANY

SOCIAL

Copyright @2025 WhitePanther. All Rights Reserved

ISO3
GDPR3