Features
Who it's for
TradersForwardersCFS OperatorsCustoms BrokersInspection AgenciesAudit Firms
PricingDocs
Language
Sign upDashboard
Legal

Data Processing Addendum

Last updated: April 24, 2026

This Data Processing Addendum ("DPA") forms part of the agreement between you ("Customer") and Export119 ("Processor") when we process personal data on your behalf. Final legal copy is being finalized with our counsel. [Final counsel-reviewed copy pending.]

1. Roles

You are the controller of personal data you enter into Export119 (your team, your counterparties, your buyers). We process that data as your processor on the instructions contained in the Agreement and in Export119's features.

2. Scope

Categories of data: names, emails, phone numbers, company affiliations, roles, business records you create in Export119. Categories of data subjects: your users, your invited partner companies' users, your counterparties. Duration: for as long as your account is active, plus a short retention window described below.

3. Sub-processors

We engage sub-processors to run the service. A current list is available on request at privacy@export119.com. Expected categories:

  • Hosting & infrastructure: Railway (product), Cloudflare (CDN + DNS + marketing site).
  • Database: [Managed MySQL provider].
  • Authentication: Clerk.
  • Email delivery: Resend.
  • Object storage: AWS S3 (backups).
  • Error monitoring: [Provider].

We'll notify you of new sub-processors 30 days before they start processing your data, giving you a chance to object.

4. Security measures

  • TLS 1.2+ in transit.
  • Encryption at rest for all database volumes and object storage.
  • Role-based access control inside Export119; least-privilege for our engineers.
  • Daily off-site backups to S3.
  • Period-close lock + audit trails built into the product.

5. International transfers

Where personal data is transferred outside your jurisdiction, we rely on appropriate safeguards — typically the EU Standard Contractual Clauses or equivalent. Ask us for the applicable set of clauses if you need them for your records.

6. Breach notification

If we become aware of a personal data breach affecting your data, we notify you without undue delay and in any event within 72 hours, with all information reasonably required for you to meet your own notification obligations.

7. Data subject requests

Most data subject requests (access, rectification, erasure, portability) can be fulfilled by you directly inside Export119 using the built-in data export and delete features. For anything you can't do yourself, email privacy@export119.com and we'll help within 30 days.

8. Deletion on termination

On termination you may export all your data. After the exit period, we delete your data from production systems. Backups age out on a rolling schedule (default: 30 days).

9. Audits

You may audit our compliance with this DPA once per year, on reasonable notice, during business hours, in a manner that doesn't disrupt the service. We'll cooperate with reasonable questionnaires and third-party certification requests in lieu of on-site audits.

10. Governing law

This DPA is governed by the same law as the Agreement.

11. Contact

privacy@export119.com.