KB Labs
Log inStart free

Data Processing Agreement

Last updated: January 2026

This Data Processing Agreement ("DPA") supplements our Terms of Service and applies where KB Labs processes personal data on your behalf as a data processor under GDPR or equivalent data protection law.

Definitions

  • Controller — you, the customer, who determines the purposes and means of processing.
  • Processor — KB Labs, acting on your instructions to process personal data.
  • Sub-processor — a third party engaged by KB Labs to assist in processing.
  • Personal data — any information relating to an identified or identifiable natural person.

Processing instructions

KB Labs will process personal data only on your documented instructions, including those set out in the Terms of Service and this DPA, unless required to do so by applicable law. KB Labs will promptly inform you if any instruction infringes data protection law.

Confidentiality

KB Labs will ensure that persons authorised to process personal data are subject to appropriate confidentiality obligations and are trained in data protection requirements.

Security measures

KB Labs implements and maintains appropriate technical and organisational security measures, including encryption at rest (AES-256), encryption in transit (TLS 1.3), access controls, and regular security reviews. See our Security page for details.

Sub-processors

KB Labs uses the following categories of sub-processors to deliver the Service:

  • Cloud infrastructure — hosting, storage, and networking
  • Payment processing — Stripe (PCI DSS Level 1 certified)
  • Email delivery — transactional email service
  • Monitoring — error tracking and performance monitoring

We will notify you of any intended changes to sub-processors with at least 14 days' notice. A current list of sub-processors is available on request at privacy@kblabs.ru.

International transfers

Where personal data is transferred outside the EEA or UK, KB Labs ensures appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions. Enterprise customers may request EU-only data residency.

Data subject rights

KB Labs will assist you in responding to requests from data subjects exercising their rights under applicable data protection law (access, rectification, erasure, portability, etc.), taking into account the nature of the processing and the information available.

Data breach notification

KB Labs will notify you without undue delay, and in any event within 72 hours, of becoming aware of a personal data breach affecting your data. Notification will include the nature of the breach, categories and approximate number of affected data subjects, and recommended mitigation steps.

Deletion and return

On termination of the Services, KB Labs will delete all personal data within 30 days, unless applicable law requires retention. On request, we will provide a written confirmation of deletion.

Audit rights

You may audit KB Labs' compliance with this DPA, subject to 30 days' written notice and at your expense. We will provide access to relevant documentation and, where available, share third-party audit reports (SOC 2, etc.) in lieu of an on-site audit.

Contact

For DPA-related enquiries, email privacy@kblabs.ru. Enterprise customers can request a countersigned DPA for their records.