Data Processing Agreement
Effective from 30 May 2026.
This page describes the structure of Codexroom's Data Processing Agreement. The full DPA is a separate document available on request and bundled with every Enterprise contract.
1.Parties
You (the data controller). Codexroom Pte. Ltd., a company registered in Singapore (the data processor).
2.Subject matter
The processing of personal data by Codexroom in the course of providing the service.
3.Categories of data subjects
Your workspace users (governors, creators, viewers). Your share recipients.
4.Categories of personal data
Account data: name, email, user ID.
Share recipient data: name, email (if supplied), session ID, geography at city level, user agent.
Audit data: timestamps and actor IDs for every mutation.
5.Subprocessors
Listed and kept current on the trust subprocessor page. Notification of changes follows the schedule on that page.
6.Security measures
Documented on the trust security page.
7.International transfers
For personal data originating in Singapore: PDPA Section 26 cross-border transfer requirements, with contractual safeguards equivalent to the prescribed standard of protection. For personal data originating in the EU: the EU Standard Contractual Clauses (2021/914). For personal data originating in the UK: the EU SCCs together with the UK International Data Transfer Addendum. For personal data of California residents: service-provider obligations under the CCPA.
8.Breach notification
Codexroom notifies the customer inside 72 hours of confirmed breach, in line with the PDPA Data Breach Notification obligation and Article 33 GDPR.
9.Audit rights
Customer audit rights as documented in the full DPA.
10.Term and termination
Runs concurrent with the master service agreement.
Request the full DPA at legal@codexroom.com. Data Protection Officer: dpo@codexroom.com.