There is no data
for us to process.
A Data Processing Agreement governs a provider that processes personal data on a customer's behalf. NovaBash does not do that. There is no server and no database, and your vault never reaches us, so there is no processing relationship to paper over.
Why no DPA is needed
Under UK and EU GDPR Article 28, a DPA applies where a processor handles personal data for a controller. NovaBash handles none on your behalf: everything you put in stays encrypted on your own device. With no data flowing to us, there is nothing for a DPA to cover.
What about the host
The website is served as static files by Cloudflare Pages, which keeps its own request logs as any host does. That is a matter between you, as a visitor, and Cloudflare under their terms; it is not a NovaBash processing activity. The privacy note covers it.
If your situation genuinely differs
If a procurement process insists on a signed agreement, write to enquiries@aperintel.com and we will talk it through. In almost every case there is simply nothing to process.
Questions go to enquiries@aperintel.com.
Pre-launch revision · independent legal review is part of our v1.0 release process.