ContactLog InSign Up
Legal

Data Processing Agreement

Last Updated: January 3, 2026

Note: This is a placeholder Data Processing Agreement. The final version is being prepared by our legal team and will be published shortly. For questions or to request a signed DPA, contact info@owl-eyes.com.

Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Owl Eyes (operated by Sequenxa, the "Processor") and the customer ("Controller") using Owl Eyes services that involve the processing of personal data.

This DPA reflects the parties' agreement regarding the processing of personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on personal data, including collection, storage, use, and deletion.
  • "Data Subject" means the individual whose personal data is being processed.
  • "Sub-processor" means any third party engaged by Owl Eyes to process personal data on behalf of the Controller.

Scope of Processing

Categories of Data Subjects

  • End users submitting identity verification requests
  • Customer employees accessing the platform

Categories of Personal Data

  • Identity information (name, date of birth, nationality)
  • Identity documents (passport, driver's license, national ID)
  • Biometric data (facial photographs, liveness data)
  • Device and location information
  • Verification results and metadata

Purpose of Processing

Personal data is processed solely for the purpose of providing identity verification services as requested by the Controller.

Processor Obligations

Owl Eyes agrees to:

  • Process personal data only on documented instructions from the Controller
  • Ensure personnel are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in responding to data subject requests
  • Notify the Controller of any personal data breach without undue delay
  • Delete or return all personal data upon termination of services
  • Make available information necessary to demonstrate compliance

Sub-processors

The Controller authorizes Owl Eyes to engage sub-processors for the provision of services. Owl Eyes will maintain a list of current sub-processors and notify the Controller of any intended changes.

Current sub-processors include:

  • Cloud infrastructure providers
  • Payment processors
  • Analytics services

International Transfers

When personal data is transferred outside the European Economic Area or other jurisdictions with data transfer restrictions, Owl Eyes ensures appropriate safeguards are in place, such as Standard Contractual Clauses.

Security Measures

Owl Eyes implements security measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments and audits
  • Incident response procedures
  • Employee security training

Data Retention

Personal data will be retained for the period necessary to provide services and comply with legal obligations. Upon termination or upon request, personal data will be deleted or returned as specified by the Controller.

Governing Law

This DPA shall be governed by the same law that governs the Terms of Service, unless otherwise required by applicable data protection laws.

Request a Signed DPA

For a signed copy of this DPA or questions, contact us at:

info@owl-eyes.com