Data Processing Agreement

1. Scope

This Data Processing Agreement (DPA) applies when SecodX processes personal data on behalf of a customer as a data processor under GDPR Article 28 or KVKK.

2. Processing Details

Subject matter: Security code analysis of customer-provided source code repositories.
Duration: Term of the subscription agreement.
Nature: Automated static analysis. Code is processed in the customer's infrastructure (on-premise) or in an isolated scan environment. Source code is never retained by SecodX after scan completion.

3. Confidentiality

SecodX personnel are bound by confidentiality obligations. Source code is processed solely to provide the contracted service and is never used for any other purpose.

4. Sub-processors

SecodX uses Microsoft Azure for cloud infrastructure. Azure is bound by its Data Processing Agreement with SecodX. A current list of sub-processors is available upon request.

5. Security Measures

SecodX implements appropriate technical and organizational measures including encryption at rest and in transit, role-based access controls, audit logging, and regular security assessments.

6. Contact

For DPA inquiries: contact@secodx.com