Skip to content
GridNMS
Features Use cases Security Pricing
Sign in Get started

Data Processing Agreement (DPA)

Last updated: July 2, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between GridNMS LLC ("GridNMS," "Processor") and the customer ("Customer," "Controller") and applies where GridNMS processes Personal Data on Customer's behalf. If you require a signed copy, contact legal@gridnms.io.

1. Definitions

  • Personal Data, Processing, Controller, Processor, Data Subject, and

Supervisory Authority have the meanings given in the GDPR.

  • Customer Personal Data means Personal Data within the Customer Data that GridNMS

processes on Customer's behalf to provide the Service.

  • Applicable Data Protection Law means GDPR, UK GDPR, the CCPA/CPRA, and other

privacy laws applicable to the Processing.

2. Roles and scope

Customer is the Controller (or processor acting for another controller) and GridNMS is the Processor of Customer Personal Data. GridNMS processes Customer Personal Data only to provide and support the Service and only on Customer's documented instructions, including as set out in the Terms and this DPA.

3. Nature of processing

  • Subject matter: provision of the GridNMS network observability and log-management

Service.

  • Duration: the term of the subscription plus any wind-down period.
  • Nature and purpose: collection, storage, structuring, analysis, retention, and

deletion of operational data to deliver monitoring, alerting, and reporting.

  • Types of Personal Data: primarily technical/operational data (IP and MAC

addresses, hostnames, usernames in logs, and any Personal Data the Customer chooses to send within logs or telemetry), plus account contact details.

  • Categories of Data Subjects: Customer's personnel, administrators, and any

individuals whose data appears in Customer's logs or systems.

4. GridNMS obligations

GridNMS will:

  1. Process Customer Personal Data only on Customer's documented instructions.
  2. Ensure personnel authorized to process the data are bound by confidentiality.
  3. Implement appropriate technical and organizational security measures (Section 6).
  4. Engage Sub-processors only under Section 5.
  5. Assist Customer, taking into account the nature of processing, with Data Subject

requests and with security, breach-notification, and impact-assessment obligations.

  1. Notify Customer without undue delay after becoming aware of a Personal Data Breach

affecting Customer Personal Data.

  1. At Customer's choice, delete or return Customer Personal Data at the end of the

service, except where retention is legally required.

  1. Make available information reasonably necessary to demonstrate compliance and allow

for audits as described in Section 7.

5. Sub-processors

Customer authorizes GridNMS to engage the Sub-processors listed in Sub-processors. GridNMS will impose data-protection obligations on each Sub-processor substantially similar to those in this DPA and remains responsible for their performance. GridNMS will provide a mechanism to be notified of new Sub-processors and will give Customer the opportunity to object on reasonable data-protection grounds.

6. Security

GridNMS maintains technical and organizational measures designed to protect Customer Personal Data, including: encryption in transit (TLS), mutual TLS for collector connections, application-layer encryption of sensitive credentials at rest, per-tenant logical isolation, access controls and least-privilege, and logging and monitoring of its own systems. Measures may be updated provided protection is not materially reduced.

7. Audits

On reasonable prior written request, and no more than once per year (unless required by a Supervisory Authority), GridNMS will make available information necessary to demonstrate compliance with this DPA, which may be satisfied by third-party reports or certifications where available. On-site audits, if needed, will be at Customer's expense, during business hours, and subject to confidentiality.

8. International transfers

Where Customer Personal Data originating in the EEA, UK, or Switzerland is transferred to a country without an adequacy decision, the parties agree the applicable Standard Contractual Clauses (and UK Addendum) are incorporated by reference and apply to that transfer, with GridNMS as data importer.

9. CCPA/CPRA

For Personal Data subject to the CCPA/CPRA, GridNMS acts as a "service provider." GridNMS will not sell or share such data, will not retain, use, or disclose it except to provide the Service or as permitted by law, and will not combine it with data from other sources except as permitted by the CCPA.

10. Liability and term

This DPA is subject to the limitations of liability in the Terms. It remains in effect for as long as GridNMS processes Customer Personal Data. In the event of a conflict between this DPA and the Terms regarding Processing of Personal Data, this DPA controls.

11. Contact

Data protection: privacy@gridnms.io · Legal: legal@gridnms.io

GridNMS
Features Use cases Security Roadmap Changelog Community Status Sign in
© GridNMS
Privacy Terms DPA Cookies EULA Sub-processors