Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of, and is governed by, the AppGenie Terms of Service and Privacy Policy between AppGenie Pty Ltd (ABN 42 629 530 356) ("AppGenie", "we", "us") and the customer ("Customer", "you"). It applies where, in providing the Services, AppGenie processes Personal Data on the Customer's behalf.
1. Definitions
Capitalised terms not defined here have the meaning given in the Terms of Service. "Data Protection Laws" means all laws applicable to the processing of Personal Data under this DPA, including the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) and, where applicable, the EU/UK General Data Protection Regulation ("GDPR"). "Controller", "Processor", "Personal Data", "Processing", "Data Subject" and "Personal Data Breach" have the meanings given in the applicable Data Protection Laws. "Sub-processor" means any third party engaged by AppGenie to process Personal Data on the Customer's behalf. "Services" means the AppGenie services to which this DPA applies, as described in Annex A.
2. Roles and scope
For Personal Data that AppGenie processes on the Customer's behalf in providing the Services, the Customer is the Controller and AppGenie is the Processor. Where AppGenie determines the purposes and means of processing (for example, account administration, billing, security and service operation), AppGenie acts as an independent controller for that limited processing, as described in the Privacy Policy. This DPA covers each Service described in Annex A. The specific processing for each Service is set out in that Annex.
3. Processing on documented instructions
AppGenie will process Personal Data only on the Customer's documented instructions (including as set out in the Terms, this DPA and the Customer's configuration and use of the Services), except where required by law, in which case AppGenie will, where lawful, inform the Customer of that requirement. AppGenie will inform the Customer if, in its opinion, an instruction infringes Data Protection Laws.
4. Confidentiality
AppGenie will ensure that personnel authorised to process Personal Data are bound by appropriate obligations of confidentiality and are granted access on a least-privilege, need-to-know basis.
5. Security
AppGenie will implement and maintain appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, having regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of processing. Those measures are described in Annex B and may be updated over time provided the level of protection is not materially reduced.
6. Sub-processors
The Customer provides general authorisation for AppGenie to engage the Sub-processors listed in Annex C to process Personal Data in providing the Services. AppGenie will impose data-protection obligations on each Sub-processor that are no less protective than those in this DPA, and remains responsible for each Sub-processor's performance. AppGenie will give the Customer at least 30 days' notice of any intended addition or replacement of a Sub-processor, posted on this page and, where AppGenie holds an account email for the Customer, by email, during which the Customer may object on reasonable data-protection grounds.
7. Assistance with data subject rights
Taking into account the nature of the processing, AppGenie will assist the Customer by appropriate technical and organisational measures, insofar as possible, to respond to requests by Data Subjects to exercise their rights under Data Protection Laws. If AppGenie receives such a request directly, it will, where lawful, direct the Data Subject to the Customer and notify the Customer.
8. Personal data breach notification
AppGenie will notify the Customer without undue delay, and in any event within 72 hours after becoming aware of a Personal Data Breach affecting the Customer's Personal Data, and will provide information reasonably available to assist the Customer in meeting its own notification obligations.
9. Data protection impact assessments
Taking into account the nature of processing and the information available to AppGenie, AppGenie will provide reasonable assistance to the Customer with data protection impact assessments and prior consultation with supervisory authorities where required by Data Protection Laws.
10. International transfers
Primary service data is hosted in Australia (see Annex A and the Privacy Policy). Where a Sub-processor processes Personal Data outside Australia (for example, identity and billing functions performed in the United States), that transfer is governed by the relevant Sub-processor's own data processing terms, which incorporate appropriate safeguards - including Standard Contractual Clauses where required by Data Protection Laws. AppGenie selects sub-processors that provide such safeguards and relies on those terms for cross-border transfers.
11. Return and deletion
On termination of the Services, AppGenie will, at the Customer's choice, delete or return the Personal Data it processes on the Customer's behalf, and delete existing copies, except to the extent retention is required by law. Standard retention periods for each Service are set out in Annex A and the Privacy Policy.
12. Audit and information
AppGenie will make available to the Customer information reasonably necessary to demonstrate compliance with this DPA, primarily by providing documentation and evidence (including any third-party reports or certifications AppGenie holds). On-site inspection will be available only where required by Data Protection Laws or a regulator, or following a confirmed Personal Data Breach affecting the Customer's Personal Data, on reasonable prior notice, no more than once in any 12-month period, subject to confidentiality and without compromising the security or confidentiality of AppGenie's other customers.
13. Liability
Each party's liability under or in connection with this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service.
14. Term and governing law
This DPA takes effect on the date the Customer accepts the Terms (or the date this DPA is executed, if separately executed) and continues for as long as AppGenie processes Personal Data on the Customer's behalf. This DPA is governed by the laws of Victoria, Australia.
15. Contact
Privacy and data-protection enquiries, including requests under this DPA, may be sent to info@appgenie.com.au.
Annex A - Processing details by Service
A.1 AppGenie Compliance MCP
| Item | Detail |
|---|---|
| Subject matter | Provision of the AppGenie Compliance MCP service (a Model Context Protocol service serving cited compliance guidance). |
| Duration | For the term of the Customer's subscription and the retention periods below. |
| Nature and purpose | Authenticating the user, enforcing subscription entitlements and usage limits, generating cited compliance guidance, operating and securing the service, metering and billing usage, and maintaining audit evidence. |
| Types of Personal Data | Account and identity data (email address, email-verified status, identity-provider subject identifier; access tokens stored only as a SHA-256 hash); query content (processed transiently, not retained); audit and usage telemetry (request identifier, timestamp, tool, profile, entitlement decision, billable units, tier, HTTP status); billing metadata. No special-category data is required by the service. |
| Categories of Data Subjects | The Customer's authorised users of the service. |
| Data location | Australia (AWS Asia Pacific (Sydney), ap-southeast-2), with limited identity and billing processing in the United States (see Annex C). |
| Retention | Account/identity: life of subscription, deleted within 30 days of closure or a verified deletion request. Audit/usage: 2 years. Operational auth logs: 12 months. Backups: up to 1 year. Query content: not retained beyond transient processing. |
A.2 FTP2SF
| Item | Detail |
|---|---|
| Subject matter | Provision of FTP2SF, which transfers files between the Customer's file endpoints (for example SFTP, S3 or Azure storage) and the Customer's Salesforce org. |
| Duration | For the term of the Customer's subscription/use and the retention periods below. |
| Nature and purpose | Transferring file content between the Customer's endpoints and the Customer's Salesforce org under the Customer's configuration, acting as a transport conduit. AppGenie does not access, inspect or analyse the content of transferred files. Related job orchestration, logging and error handling support the transfer. |
| Types of Personal Data | Any Personal Data the Customer includes in the transferred files. The content is determined solely by the Customer; AppGenie transmits it as a transient conduit, encrypted in transit and at rest, and does not access, inspect, analyse or retain the file content (it is not persisted by AppGenie after the transfer completes). Operational metadata (job and file identifiers, timestamps, status, error diagnostics) is processed to operate the service. Endpoint credentials (for example SFTP passwords, storage keys) are stored encrypted within the Customer's own Salesforce org, not on AppGenie infrastructure. |
| Categories of Data Subjects | Determined by the Customer (the Data Subjects whose data appears in the transferred files). |
| Data location | Customer-selected. FTP2SF is deployed as a region-specific AWS Lambda function and the Customer chooses the AWS region in which their function runs, so file transport and processing remain within that region and data centre. The Salesforce org is the Customer's own platform under the Customer's control. |
| Retention | No transferred file content is retained. Transfers run in an ephemeral, customer-region function and nothing persists once the connection/transfer completes. Operational and diagnostic logs are kept to the minimum needed to run and support the service. |
Annex B - Technical and organisational measures
- Encryption - Personal Data is encrypted in transit (HTTPS/TLS) and at rest; FTP2SF additionally uses envelope encryption with AWS KMS for protected content.
- Access control - least-privilege, need-to-know access; AppGenie's internal AWS access on the data path uses short-lived, brokered credentials rather than long-lived static keys.
- Authentication - the Compliance MCP uses OAuth 2.1; access tokens are stored only as a hash.
- Logging and monitoring - access and change activity is logged to support investigation, assurance and audit.
- Segregation - environments are segregated and access is controlled and monitored.
- Data minimisation and retention - collection is limited to what is required; defined retention and disposal rules apply (Annex A).
- Resilience and recovery - service components run on managed, resilient AWS infrastructure. Where data is retained (the Compliance MCP), backups are maintained consistent with the retention schedule; FTP2SF retains no transferred content, so there is no transferred content to back up or recover.
Annex C - Sub-processors
C.1 AppGenie Compliance MCP
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Hosting, compute and database | Australia (ap-southeast-2) |
| WorkOS, Inc. | Authentication and identity (OAuth / AuthKit); verification email | United States |
| Stripe | Subscription billing and payments | Australia and United States |
| Amazon Simple Email Service (SES) | Transactional email | AWS |
C.2 FTP2SF
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Hosting, compute, transient processing and key management (KMS) | Customer-selected AWS region |
The Customer's Salesforce org is the Customer's own platform, not an AppGenie sub-processor. No other sub-processors apply to FTP2SF.