This Data Processing Agreement ("DPA") is entered into between the customer accepting the OptiWolf Terms of Service (the "Customer", acting as controller) and UniBreeze Kft. (1141 Budapest, Paskál utca 48. fszt. 1., Hungary; reg. no. 01-09-281663) ("OptiWolf", acting as processor). It is incorporated into and forms part of the Terms of Service for all plans, including the Free plan, and applies whenever OptiWolf processes personal data on the Customer's behalf. In case of conflict regarding data protection, this DPA prevails over the Terms.
OptiWolf processes Customer Personal Data only on the Customer's documented instructions, namely: the Terms, this DPA, and the configuration the Customer makes in the product (experiments, campaigns, goals, retention settings, webhook endpoints). OptiWolf informs the Customer if, in its opinion, an instruction infringes data protection law.
Persons authorized to process Customer Personal Data (today: the founder-operator; in future, any personnel or contractors) are committed to confidentiality by contract or statute.
OptiWolf implements and maintains the technical and organizational measures in Annex II. It may update them, provided security is not materially reduced.
OptiWolf notifies the Customer without undue delay, and in any case within 72 hours, after becoming aware of a personal data breach affecting Customer Personal Data, providing the information reasonably required by Art. 33(3) as it becomes available, and cooperates in the Customer's own notification obligations. Notification is not an admission of fault.
Upon termination of the service, OptiWolf deletes Customer Personal Data after the 30-day export window in the Terms, unless EU or Member State law requires longer storage. During the term, the Customer controls retention directly: leads honor the Customer's configured retention window and the in-product deletion tools; experiment event data is deleted with the experiment or the account. Backups containing deleted data rotate out within the backup retention window (up to 35 days).
OptiWolf makes available the information reasonably necessary to demonstrate compliance with Art. 28, including this DPA, Annex II, and answers to reasonable written security questionnaires (at most once per 12 months). Where this is insufficient, the Customer may conduct or mandate an audit at its own cost, on at least 30 days' notice, during business hours, no more than once per year, without access to other customers' data.
Customer Personal Data is hosted in Germany (EU). Where a subprocessor processes personal data in a third country (see Annex III), the transfer relies on an adequacy decision (including the EU-US Data Privacy Framework where the subprocessor is certified) or on the European Commission's Standard Contractual Clauses concluded between OptiWolf and that subprocessor. Where the Customer is itself outside the EEA in a jurisdiction requiring a transfer mechanism from the Customer to OptiWolf, the parties agree the SCCs (module four or the applicable module) are deemed incorporated by reference.
Liability under this DPA is subject to the limitations of liability in the Terms of Service, except where mandatory data protection law provides otherwise.

| Item | Description |
|---|---|
| Subject matter | Operation of the OptiWolf conversion-optimization and lead-generation service on the Customer's websites: A/B testing, personalization, popup campaigns, and measurement |
| Duration | The term of the Customer's account, plus the 30-day export window, plus backup rotation (up to 35 days) |
| Nature and purpose | Delivering page variants and campaigns in visitors' browsers; recording pseudonymous exposure, conversion, and campaign events for statistical reporting; storing and delivering leads submitted by visitors to the Customer |
| Categories of data subjects | Visitors and users of the Customer's websites |
| Categories of personal data | Pseudonymous first-party visitor and session identifiers; experiment assignment; exposure/conversion/campaign events with page URLs and timestamps; revenue amounts, currency, and order references for revenue goals; leads: email address, consent flag, submission page, and any additional form fields the Customer configures (e.g. name). IP addresses are processed transiently for delivery and abuse prevention and are not stored with events or leads. Deliberately kept on-device and never received by OptiWolf: the behavioral visitor profile used for targeting and all merge-tag personalization values |
| Special categories | None. The Customer must not collect special-category data (Art. 9), payment-card data, or government identifiers through the service (see the Acceptable Use Policy) |
| Frequency | Continuous, while the Snippet is installed and campaigns/experiments run |

| Area | Measure |
|---|---|
| Hosting | Single-tenant-operated infrastructure in Germany (EU); Cloudflare edge in front (DDoS mitigation, TLS) |
| Encryption in transit | TLS on all public endpoints; edge-to-origin encrypted |
| Access control | Server access by key-based SSH restricted to the operator; application access session-based; passwords stored only as bcrypt hashes |
| Tenant isolation | Every query is scoped to the owning account; parameterized statements throughout (SQL-injection safe) |
| Data minimization by design | Behavioral profiles and personalization values are computed and stored client-side only; the server receives outcome events, not browsing history; no advertising or cross-site identifiers |
| Input hardening | Lead endpoint: honeypot, minimum-time gate, per-IP rate limiting, field whitelisting to the configured form schema; campaign content sanitized server-side; widget rendering uses text-only DOM writes in a shadow root |
| Integrity of delivery | Webhooks signed with HMAC-SHA256 per-account secrets; retries with backoff and delivery-state visibility |
| Backups and recovery | Nightly database backups to offsite storage (encrypted at rest at the storage provider), retained up to 35 days; restore procedure documented in the operations runbook |
| Breach handling | Incident response per Section 7; operational runbook maintained in the operations documentation |
| Personnel | Solo-operated at the effective date; any future personnel/contractors bound to confidentiality and least-privilege access |

Current subprocessors of Customer Personal Data:

| Subprocessor | Purpose | Location / transfer basis |
|---|---|---|
| Cloudflare, Inc. | Content delivery network, DNS, DDoS protection in front of all service traffic (data in transit) | Global edge; US parent, EU-US Data Privacy Framework certified |
| DigitalOcean, LLC | Cloud infrastructure hosting the application and database | Data center in Germany (EU); US parent, SCCs/DPF |

Pending subprocessors, disclosed for transparency; each will be named here with its location before it processes any Customer Personal Data, with the Section 5 notice:

| Function | Status |
|---|---|
| Offsite backup storage (planned: Backblaze, EU region preferred) | Engaged before backup processing begins |
| Transactional email delivery (lead notification emails contain lead data; candidates: Resend, Amazon SES, Brevo) | Engaged before email notifications go live |
| Error monitoring (planned: Sentry; request metadata may appear in error reports) | Engaged before production use |

Contact: [email protected]