Session Snapshot
Start free

SessionSnapshot Data Processing Agreement (DPA)

Last updated: August 13, 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you (the "Controller") and SessionSnapshot (the "Processor"). It governs our processing of personal data on your behalf when you use SessionSnapshot to capture activity from your users during testing.

1. Roles and Definitions

  • Controller: You. You decide what data to collect and the purposes of processing.
  • Processor: SessionSnapshot. We process data only to provide analytics and related features you enable.
  • Subprocessor: Third‑party vendors we use to help provide the Service, such as hosting or infrastructure providers.

2. Scope of Processing

When you run the SessionSnapshot extension on your site or app, you may capture personal data such as IP address, user agent, device information, and page interactions. By default, this data is stored locally on your device. If you export this data or enable optional features that transmit data, we process the data solely to provide you with session analytics, reporting, and test generation features.

3. Instructions

We will process personal data only on your documented instructions, including as described in the Terms, this DPA, and your feature configurations. We will not use your data for our own profiling or marketing.

4. Security Measures

  • Encryption in transit via HTTPS for any transmitted data.
  • Access controls to ensure only authorized users can see their data.
  • Backups for essential service metadata where applicable.
  • Secure hosting with reputable vendors when cloud services are used.

5. Subprocessors

We may use subprocessors such as hosting, databases, or analytics infrastructure. We ensure subprocessors are bound by obligations no less protective than those set out in this DPA. We will maintain a list of material subprocessors upon request.

6. International Transfers

Where personal data is transferred internationally, we rely on appropriate safeguards as required by applicable law.

7. Assistance and Data Subject Requests

We will provide reasonable assistance to help you meet your obligations under applicable data protection laws, including responding to data subject requests that you direct to us.

8. Retention and Deletion

You control how long locally captured session data is kept on your devices. For any data processed by us, we retain it only as long as necessary to provide the Service or as required by law. Upon termination, you may request deletion of personal data in our systems, and we will delete it unless retention is legally required.

9. Governing Law

This DPA is governed by the laws of Romania. Any disputes will be resolved by the competent courts of Romania.

10. Contact

Questions about this DPA?

Email us