Data Processing AgreementDefinitions
GDPR Art. 28Last updated: June 2026

Data Processing
Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between FunctionFly™ LLC ("Processor") and the customer ("Controller") for enterprise deployments requiring GDPR compliance.

SOC 2 Type II
ISO 27001
GDPR Compliant

72-Hour Breach Notification

We notify you within 72 hours of becoming aware of any security incident affecting personal data.

SOC 2 Type II Certified

Our security controls are audited annually by independent third parties.

GDPR Art. 28 Compliant

Full compliance with EU data protection requirements for data processors.

Subprocessor Transparency

Complete visibility into all third parties processing your data.

In this DPA, the following terms have the meanings given below:

"Applicable Data Protection Law"
means the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national implementing laws.
"Personal Data"
means any information relating to an identified or identifiable natural person as defined in Applicable Data Protection Law.
"Processing"
has the meaning given in Applicable Data Protection Law.
"Controller"
means the natural or legal person which, alone or jointly with others, determines the purposes and means of Processing.
"Processor"
means a natural or legal person that processes Personal Data on behalf of the Controller.
"Subprocessor"
means any processor engaged by the Processor to process Personal Data on behalf of the Controller.
"Data Subject"
means an identified or identifiable natural person whose Personal Data is processed.
"Security Incident"
means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

2.1 Subject Matter

The Processor provides a cloud platform service for publishing, discovering, running, and managing serverless functions and related developer tools. The Processing of Personal Data under this DPA is limited to the data described in this Section 2.

2.2 Nature and Purpose of Processing

The Processor shall process Personal Data for the following purposes:

  • Providing and maintaining the FunctionFly™ platform service
  • Account management and authentication
  • Billing and subscription management
  • Function execution, logging, and monitoring
  • Security, abuse prevention, and fraud detection
  • Compliance with legal obligations

2.3 Categories of Personal Data

The Processor may process the following categories of Personal Data:

  • Account information (name, email, company, job title)
  • Authentication and session data (IP address, user agent, login timestamps)
  • Billing and transaction metadata
  • Function execution metadata (timestamps, function identifiers, error logs)
  • API usage logs and quota events
  • Support communications when you contact us

2.4 Categories of Data Subjects

This DPA covers Processing of Personal Data relating to:

  • Controller's users and employees who use the FunctionFly™ platform
  • API consumers and agents acting on behalf of the Controller
  • Any other individuals whose data the Controller submits to the Service

2.5 Duration

Processing under this DPA shall continue for the duration of the Terms of Service. Upon termination, the Processor will delete or return Personal Data according to Section 4 and the controller's instructions, except where retention is required by law.

Need a Custom DPA?

Enterprise customers may require custom data processing terms, additional security questionnaires, or on-site audit arrangements. Our legal team is ready to help.

Typically respond within 1 business day. For urgent matters, email privacy@functionfly.com directly.