Data Processing Agreement
Last updated: April 2026
1. Introduction and Definitions
This Data Processing Agreement ("DPA") applies to the processing of personal data by RT Hub on behalf of customers who are subject to data protection laws such as GDPR, CCPA, HIPAA, or equivalent regulations.
Definitions:
- Personal Data: Any information relating to an identified or identifiable natural person
- Processing: Any operation performed on personal data
- Customer: The organization that determines the purposes and means of processing
- Processor: RT Hub, which processes data on behalf of the Customer
2. Scope and Purpose
This DPA governs RT Hub's processing of personal data for the following purposes:
- Providing the RT Hub Service
- Maintaining and improving the Service
- Ensuring security and preventing fraud
- Complying with legal obligations
3. Data Security and Safeguards
RT Hub implements appropriate technical and organizational measures to protect personal data:
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access control (RBAC) and principle of least privilege
- Authentication: Multi-factor authentication (MFA) for all administrative access
- Audit Logging: Comprehensive audit logs of all data access and modifications
- Data Isolation: Customer data isolated in separate database partitions
- Vulnerability Management: Regular security testing and penetration testing
- Incident Response: 24/7 monitoring and incident response procedures
4. Sub-processors
RT Hub may engage sub-processors (cloud infrastructure providers, analytics services, etc.) to process personal data. The current list of sub-processors is available at rthub.io/processors. Customers will be notified of changes to the sub-processor list at least 30 days in advance.
5. Data Subject Rights
RT Hub assists customers in fulfilling their obligations to respect data subject rights:
- Right to Access: Customers can export or access their personal data through the dashboard
- Right to Rectification: Customers can update or correct personal data
- Right to Erasure: Customers can request deletion of personal data with a 30-day retention period
- Right to Portability: Customers can export data in standard formats
- Right to Restrict Processing: Customers can request processing restrictions
6. International Data Transfers
For transfers of personal data from the EEA to the US or other countries, RT Hub relies on:
- Standard Contractual Clauses (SCCs) for international transfers
- EU-US Data Privacy Framework where applicable
- Binding Corporate Rules for group companies
7. Data Retention and Deletion
RT Hub retains personal data only as long as necessary to provide the Service. Customers can request deletion of their data at any time. After account termination:
- Active personal data is deleted within 30 days
- Backup copies are retained for 90 days for recovery purposes only
- Aggregated, anonymized data may be retained indefinitely
8. Data Breach Notification
In the event of a confirmed personal data breach:
- RT Hub will notify customers within 24 hours of discovery
- Notifications will include the nature of the breach, the data affected, and mitigation steps
- RT Hub will cooperate with regulatory authorities and affected individuals
- RT Hub will document all breach details for regulatory compliance
9. Compliance Certifications
RT Hub maintains the following compliance certifications:
- GDPR Compliant - EU data protection regulation
- CCPA Compliant - California privacy law
- HIPAA Compliant - US healthcare data protection
- ISO 27001 - Information security management
- SOC 2 Type II - Security and availability controls
10. Audit and Inspection Rights
RT Hub undergoes independent audits. Customers can request audit reports and certifications. For investigation of potential violations, RT Hub will cooperate with regulatory authorities and provide necessary documentation within required timeframes.
11. Term and Termination
This DPA remains in effect as long as RT Hub processes personal data on behalf of the customer. Upon termination of services, all personal data will be deleted or returned within 30 days, unless retention is required by law.
12. Contact and Questions
For questions about this DPA, data processing practices, or to exercise data subject rights:
Data Protection Officer
Email: dpo@rthub.io
Or contact our Support team