Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of the agreement between Kaytos, LLC ("Kaytos", "Reputable Click", "Processor", "we", "us") and you ("Customer", "Controller", "you") for the provision of the Reputable Click services (the "Services").
This DPA applies where and only to the extent that Reputable Click processes Personal Data on behalf of Customer as a Processor in the course of providing the Services, and such Personal Data is subject to Data Protection Laws.
1. Definitions
"Data Protection Laws" means all applicable laws relating to data protection and privacy, including GDPR (Regulation (EU) 2016/679), UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other similar laws.
"Personal Data" means any information relating to an identified or identifiable natural person that Reputable Click processes on behalf of Customer in connection with the Services.
"End-User Data" means Personal Data about Customer's end users that Customer submits to the Services (for example, via scoring endpoints or event ingestion).
"Subprocessor" means any third party engaged by Reputable Click to process Personal Data on behalf of Customer.
2. Scope and Roles
2.1. Customer as Controller. Customer is the Controller of End-User Data. Customer determines the purposes and means of processing End-User Data and is responsible for compliance with Data Protection Laws as they apply to Customer's use of the Services.
2.2. Reputable Click as Processor. Reputable Click is the Processor of End-User Data and will process End-User Data only on behalf of and in accordance with Customer's documented instructions.
2.3. Nature of Processing. The subject matter, duration, nature, and purpose of processing, as well as the types of Personal Data and categories of data subjects, are described in Annex 1.
3. Customer Obligations
3.1. Customer represents and warrants that:
- Customer has provided appropriate notices to, and obtained necessary consents from, data subjects as required by Data Protection Laws;
- Customer has a lawful basis to transfer End-User Data to Reputable Click and to receive the outputs of the Services;
- Customer's instructions to Reputable Click comply with Data Protection Laws.
3.2. Customer is responsible for the accuracy, quality, and legality of End-User Data and the means by which Customer acquired it.
4. Reputable Click Obligations
4.1. Processing Instructions. Reputable Click will process End-User Data only in accordance with Customer's documented instructions, unless required by applicable law. The Services and this DPA constitute Customer's complete instructions at the time of signing. Additional instructions require mutual agreement.
4.2. Confidentiality. Reputable Click will ensure that persons authorized to process End-User Data are subject to confidentiality obligations.
4.3. Security. Reputable Click will implement appropriate technical and organizational measures to protect End-User Data, including measures to protect against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:
- Encryption of data in transit (TLS);
- Access controls and authentication;
- Regular security assessments;
- Incident response procedures.
4.4. Subprocessors. Customer authorizes Reputable Click to engage Subprocessors listed in Annex 2. Reputable Click will:
- Enter into written agreements with Subprocessors imposing data protection obligations no less protective than this DPA;
- Remain liable for the acts and omissions of its Subprocessors;
- Notify Customer of any intended changes to Subprocessors by updating the Subprocessor list, giving Customer the opportunity to object.
4.5. Data Subject Rights. Reputable Click will assist Customer in responding to requests from data subjects to exercise their rights under Data Protection Laws, to the extent Customer cannot fulfill such requests through the Services.
4.6. Data Breach Notification. Reputable Click will notify Customer without undue delay (and in any event within 72 hours) after becoming aware of a Personal Data breach affecting End-User Data, and will provide reasonable assistance to Customer in fulfilling Customer's breach notification obligations.
4.7. Data Protection Impact Assessments. Reputable Click will provide reasonable assistance to Customer with data protection impact assessments and prior consultations with supervisory authorities, to the extent required by Data Protection Laws.
4.8. Audits. Upon Customer's written request (no more than once per year), Reputable Click will make available information necessary to demonstrate compliance with this DPA. Customer may conduct an audit, or appoint a third-party auditor, subject to reasonable advance notice, confidentiality obligations, and during normal business hours.
5. International Transfers
5.1. Reputable Click may transfer End-User Data to countries outside the EEA, UK, or Switzerland. Where such transfers occur, Reputable Click will ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission;
- UK International Data Transfer Agreement or Addendum;
- Other valid transfer mechanisms under Data Protection Laws.
5.2. Where Standard Contractual Clauses apply, this DPA incorporates them by reference, with Customer as "data exporter" and Reputable Click as "data importer."
6. Data Retention and Deletion
6.1. Reputable Click will retain End-User Data for the duration necessary to provide the Services and in accordance with the retention periods described in the Privacy Policy.
6.2. Upon termination of the Services or upon Customer's written request, Reputable Click will delete or return End-User Data within a reasonable period, except to the extent Reputable Click is required by law to retain some or all of the data.
7. Liability
Each party's liability under this DPA is subject to the limitations of liability in the Terms of Service.
8. Term
This DPA remains in effect for as long as Reputable Click processes End-User Data on behalf of Customer.
Annex 1: Details of Processing
| Element | Description |
|---|---|
| Subject Matter | Processing of End-User Data to provide bot protection, traffic quality evaluation, reputation scoring, and fraud prevention services. |
| Duration | For the term of the Services agreement. |
| Nature and Purpose | Collection, storage, analysis, and scoring of request and behavioral signals to detect automation, evaluate traffic quality, and provide reputation signals. |
| Types of Personal Data | IP addresses; device/browser identifiers and fingerprints; geolocation data (country, region, city inferred from IP); user agent strings; session identifiers; page context (URLs, paths); behavioral signals (mouse movements, clicks, scroll depth, time on page); customer-provided event metadata. |
| Categories of Data Subjects | End users of Customer's websites, applications, or services. |
Annex 2: Subprocessors
Reputable Click uses the following Subprocessors:
| Subprocessor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Cloud infrastructure and hosting | Germany / Finland |
| Cloudflare, Inc. | CDN, DDoS protection, edge compute | United States (global edge) |
| GitHub, Inc. (Microsoft) | Authentication provider (optional) | United States |
| Google LLC | Authentication provider (optional) | United States |
*Last updated: December 16, 2025*
Customer may subscribe to Subprocessor updates by contacting support@reputable.click.