Ewang.Cloud
Sign inGet started
⚠️ Draft — not legal advice. This document is a placeholder and must be reviewed by qualified counsel before launch.

Data Processing Addendum

Last updated: 2026-04-20

This Data Processing Addendum ("DPA") forms part of the Terms of Service between you ("Controller") and Ewang.Cloud ("Processor"). It describes how Ewang.Cloud processes personal data on your behalf and provides the contractual safeguards required by GDPR Article 28 and equivalent laws.

1. Subject matter & duration

Ewang.Cloud processes personal data solely to provide the Services (compute, storage, CDN, domain, database). Processing continues for the term of your subscription plus a 14-day grace period for data export, after which data is deleted.

2. Nature & purpose

Operational metadata (user account, billing, service logs), service content (files you upload, databases you create), and network metadata (IPs, user-agents). We do not inspect content bytes except when compelled by law or investigating a concrete abuse report.

3. Data subject categories

  • Your end users, customers, employees, contractors
  • Third parties whose data you have lawful basis to process

4. Sub-processors

Current list of approved sub-processors:

  • Vultr — compute and object storage (US, EU, APAC regions)
  • Linode (Akamai) — compute (planned Q3 2026)
  • Cloudflare — CDN edge and R2-backed storage (EU, US)
  • Neon — managed Postgres (AWS us-east, ap-southeast, eu-central)
  • Stripe — payment processing (US)
  • Resend — transactional email (US)
  • Vercel — marketing site and dashboard edge hosting (US)

30-day notice is given before adding a new sub-processor. You may object and terminate with full refund for unused prepaid balance.

5. Data transfers

Transfers outside the EEA rely on the 2021 EU Standard Contractual Clauses (Module 2: Controller-to-Processor) with module-specific transfer impact assessments available on request.

6. Security

TLS 1.3 for all traffic; AES-256 at rest; isolated VLANs per customer on compute; signed URLs for private buckets; bcrypt / scrypt password hashing; annual third-party penetration test. SOC 2 Type II: target 2027.

7. Your rights

You may request a list of sub-processors, a record of processing activities, or a security audit (once per year, reasonable notice). Contact dpo@ewang.cloud.

8. Breach notification

Personal data breaches affecting your data are reported within 72 hours of confirmation, including scope, cause, and remediation plan.

9. Contact

Our Data Protection Officer: dpo@ewang.cloud.