DataFast Data Processing Agreement (DPA)

Last updated: August 9, 2025

This Data Processing Agreement ("DPA") is between JustShipIt Pte. Ltd. (trading as DataFast) and you, the customer. It forms part of the Terms of Service and governs how we handle personal data on your behalf.

1. Key Terms (Plain English)

  • Controller – That's you. You decide what data to collect and why (your visitors, your website).
  • Processor – That's us, DataFast. We process the data only to give you analytics and related services.
  • Subprocessor – Vendors we use to help process data (e.g., hosting providers).

2. Scope of Processing

  • When you add the DataFast script to your website, we collect visitor information such as IP address, browser type, device info, user agent, country, unique identifiers, and page activity.
  • We use cookies to track visitors. You are responsible for ensuring your website complies with GDPR/ePrivacy rules, including showing a cookie banner where required.
  • We process data only to provide you with analytics, reporting, and related features. We never use your data for our own marketing or profiling. We never sell or share your data to third parties.

3. Data Retention

  • Customer account data is kept until you delete your account.
  • Visitor data retention varies:
    • Short-term trial customers – deleted within weeks.
    • Long-term customers – retained longer to provide historical analytics.
  • You can request deletion at any time.

4. Subprocessors

We currently use the following trusted vendors to process data: AWS, Vercel, Mapbox, OpenAI, MongoDB, Upstash, TinyBird, Clickhouse.

We may add or replace subprocessors, and will update this page when we do.

5. International Data Transfers

Most of our infrastructure is located outside the EU, including in the United States. This means personal data of EU/EEA residents will be transferred internationally. We rely on our subprocessors' compliance with applicable laws (including GDPR Standard Contractual Clauses where relevant) to safeguard these transfers.

6. Security Measures

We implement the following security measures:

  • Encryption in transit via HTTPS.
  • Access controls – only authorised DataFast users can access their own data.
  • Backups to prevent accidental loss of important data.
  • Secure hosting with reputable vendors.

7. Roles & Responsibilities

Your responsibilities:

  • Ensure you have a lawful basis to collect and process personal data.
  • Implement a cookie banner and/or privacy notice if required by law.
  • Manage deletion requests from your users.

Our responsibilities:

  • Process data only on your instructions.
  • Keep data secure and confidential.
  • Assist you in meeting your data protection obligations, within reason.

8. Governing Law

This DPA is governed by the laws of Singapore. Any disputes will be resolved exclusively in the courts of Singapore.

By using DataFast, you agree to this DPA.

Questions about this DPA? Contact us 📧