ZeroKey
Legal

Data processing addendum

Our standard DPA for customers that need one. Available on request and signable through your usual flow.

Request the DPA
We send a signable PDF within 1 business day
Have your own template?
Send it over for review

Last updated · 14 May 2026

What our DPA covers

Our standard DPA covers Symprio's obligations when we process personal data on your behalf as part of the ZeroKey service. It is designed to satisfy Malaysian PDPA requirements and is consistent with international good practice for cross-region enterprise customers.

Headline terms

  • Roles. You are the data controller for the personal data you submit to ZeroKey; we are the data processor.
  • Purpose. We process only as instructed by you and as needed to deliver the service.
  • Security. We commit to specific organisational and technical measures, listed in the schedule.
  • Sub-processors. Listed with the contract; we notify you before material changes.
  • Sub-processor flow-down. Sub-processors are bound by terms no less protective than the ones we sign with you.
  • Data subject requests. We assist you in responding to access, correction, and deletion requests.
  • Breach notification. We notify you within 72 hours of becoming aware of a breach affecting your data.
  • Audit rights. You have the right to audit our practices on reasonable notice and at your own cost.
  • Return / deletion. On termination, we return or delete your data per your instruction, subject to legal retention.

Process

Email legal@symprio.com with your company name and your preferred signing flow (DocuSign / Adobe Sign / printed copy). We send a signable PDF within one business day.

Note for launch. The published DPA is a working template pending review by counsel for general availability. Enterprise customers should ask for the GA version before signing.