Skip to content

Data Processing Agreement

Last updated 2026-05-28

This document is a working template provided for transparency during evaluation. The binding version is the one referenced in your signed agreement. For the executed copy, contact [email protected].

This DPA forms part of the agreement between you ("Controller") and Rahoto ("Processor") and applies where Rahoto processes personal data on your behalf in providing the Service. A signed counterpart is available on request for enterprise agreements.

1. Roles and scope

You are the Controller of Customer Data; Rahoto is the Processor. We process personal data only on your documented instructions, which include your use of the Service and the connections you configure.

2. Nature and purpose

ItemDetail
Subject matterProvision of the Rahoto reporting runtime.
DurationFor the term of the agreement plus the export window.
Categories of dataAs determined by the sources you connect and the reports you build.
Data subjectsAs determined by your Customer Data (e.g. your customers, employees).

3. Security measures

Rahoto implements appropriate technical and organisational measures including encryption in transit and at rest, customer-managed keys (BYOK) on enterprise plans, role-based access control, row-level security, and an immutable, hash-chained audit log. Further detail is in the Trust Center.

4. Sub-processors

You authorise Rahoto to engage the sub-processors listed on the sub-processor page. We give at least 30 days' notice before adding a sub-processor, during which you may object on reasonable data-protection grounds.

5. International transfers

Primary processing occurs in the EU. Where any transfer outside the EEA occurs, it is covered by an adequacy decision or Standard Contractual Clauses. Enterprise plans can pin residency by region.

6. Assistance and audits

Rahoto assists the Controller with data-subject requests, breach notification, and data-protection impact assessments, and makes available information necessary to demonstrate compliance.

7. Deletion

On termination, Rahoto deletes or returns Customer Data after the export window, except where retention is required by law.

8. Contact

DPA execution and questions: [email protected].