logoDraksy®


Data Processing Agreement (DPA)

Last updated: 2026-04-23

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between:

  • Draksy Limited (“Processor”, “we”, “us”), and
  • The Customer using Draksy (“Controller”, “you”).

This DPA applies where Draksy processes personal data on your behalf.

1. Roles and Scope

You are the data controller of your customer and business data.

Draksy acts as a data processor, processing personal data only:

  • to provide the Draksy platform (invoicing, payments, websites, customer management), and
  • in accordance with your instructions and applicable law.

2. Types of Data Processed

Depending on how you use Draksy, we may process:

  • Customer data (name, email, phone, address)
  • Invoice and payment data
  • Business information
  • Communications (e.g. emails sent via the platform)


We do not intentionally collect special category data (e.g. health data).

3. Purpose of Processing

We process personal data solely to:

  • provide and operate the Draksy service
  • facilitate payments (via third parties such as Stripe)
  • generate invoices, reports, and customer records
  • provide support where requested

We do not sell personal data.

4. Processor Obligations

Draksy will:

  • Process data only on your documented instructions
  • Ensure appropriate confidentiality of data
  • Implement appropriate technical and organisational security measures
  • Not access your data except:
  • to provide the service
  • for support (when required)
  • where required by law

5. Security Measures

We implement appropriate safeguards, including:

  • Encryption in transit (HTTPS/TLS)
  • Access controls limiting who can access systems
  • Secure infrastructure and database protections
  • Logging and monitoring of system activity

While no system is completely immune, we take reasonable steps to protect data against unauthorised access, loss, or misuse.

6. Sub-processors

We use trusted third-party providers to deliver parts of the service.

These may include:

  • Payment processors (e.g. Stripe)
  • Hosting and infrastructure providers
  • Email delivery services

We ensure that sub-processors are subject to appropriate data protection obligations.

7. International Transfers

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place (such as standard contractual clauses or equivalent mechanisms).

8. Data Retention

We retain personal data:

  • for as long as necessary to provide the service
  • to comply with legal obligations (e.g. financial record-keeping)


You may request deletion of your data, subject to legal retention requirements.

9. Data Subject Rights

As the controller, you are responsible for responding to data subject requests.

We will assist you, where reasonably possible, in handling:

  • access requests
  • correction or deletion requests

10. Data Breaches

In the event of a personal data breach, we will:

  • take steps to contain and investigate the issue
  • notify you without undue delay where required


You are responsible for any required notifications to regulators or individuals.

11. Audits and Access

We do not provide direct audit access to internal systems.

However, we can provide reasonable information about our data handling and security practices upon request.

12. Termination

Upon termination of your use of Draksy, we will:

  • delete or return your data upon request
  • retain only what is required for legal or regulatory purposes

13. Liability

Each party is responsible for its own compliance with applicable data protection laws.

14. Contact

For data protection queries, contact:

support@draksy.com

Draksy Limited

HomeWhat we doAboutPrivacyTerms
© 2026 Draksy Limited. All rights reserved.

Company No. 15230890. Registered in England and Wales. Draksy™ and its Logo is a trademark of Draksy Limited.