Data Processing Agreement

Last updated: February 4, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer") and TestRelic, Inc. ("Processor") and governs the processing of personal data.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Controller: The entity that determines the purposes and means of processing
  • Processor: The entity that processes personal data on behalf of the Controller
  • Sub-processor: Any processor engaged by TestRelic

2. Scope and Roles

Customer acts as the Controller, and TestRelic acts as the Processor. TestRelic will process personal data only on documented instructions from Customer.

3. Data Processing Details

3.1 Subject Matter

Processing of test data and logs for analytics purposes.

3.2 Duration

For the term of the agreement and retention period.

3.3 Nature and Purpose

Analysis, storage, and insights generation from test execution data.

3.4 Types of Personal Data

  • User identification data (email, name)
  • Usage data (logs, metrics)
  • Any personal data contained in test logs

3.5 Categories of Data Subjects

  • Customer's employees and contractors
  • End users referenced in test data

4. Processor Obligations

TestRelic will:

  • Process personal data only on documented instructions
  • Ensure personnel are bound by confidentiality
  • Implement appropriate technical and organizational measures
  • Engage sub-processors only with Customer's consent
  • Assist Customer in responding to data subject requests
  • Notify Customer of personal data breaches within 72 hours
  • Delete or return personal data upon termination
  • Make available information necessary to demonstrate compliance

5. Security Measures

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Access controls and authentication
  • Regular security audits
  • Incident response procedures
  • Industry-standard security practices

6. Sub-processors

TestRelic engages the following sub-processors:

  • Amazon Web Services (AWS): Cloud infrastructure hosting
  • Stripe: Payment processing
  • SendGrid: Email delivery

Customer may object to new sub-processors within 30 days of notification.

7. Data Subject Rights

TestRelic will assist Customer in fulfilling data subject rights requests:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object

8. Data Breach Notification

TestRelic will notify Customer within 72 hours of becoming aware of a personal data breach, including:

  • Nature of the breach
  • Categories and approximate number of data subjects affected
  • Likely consequences
  • Measures taken or proposed to address the breach

9. Data Return and Deletion

Upon termination, TestRelic will:

  • Delete all personal data within 30 days, or
  • Return personal data if requested by Customer
  • Provide written confirmation of deletion

10. Audits

Customer may audit TestRelic's compliance with this DPA:

  • Once per year with 30 days notice
  • Via third-party auditor bound by confidentiality
  • During business hours without disrupting operations

11. International Transfers

For data transfers outside the EEA, TestRelic uses:

  • Standard Contractual Clauses (SCCs) approved by EU Commission
  • Adequacy decisions where available
  • Additional safeguards as required

12. Limitation of Liability

Each party's liability under this DPA is subject to the limitations in the Terms of Service.

13. Governing Law

This DPA is governed by the same law as the Terms of Service.

14. Contact

For DPA inquiries: dpa@testrelic.co
Data Protection Officer: dpo@testrelic.co