Legal · DPA
Data Processing Agreement
Effective Date: May 28, 2026Role: Data ProcessorGoverned by: Laws of India
QuickAuth (operated by CodeLamda Technologies Pvt. Ltd.) acts as a data processor on behalf of customer organisations (the data fiduciary / controller). This page summarises the framework; the signable agreement is provided on request to contact@quickauth.in.
Section 01
What the DPA Covers
- Processing of end-user phone numbers, OTPs, and verification metadata.
- Cross-border transfer mechanisms where applicable.
- Customer rights: access, rectification, deletion, portability.
- Breach notification timelines and incident-response duties.
- Audit rights and confidentiality obligations.
- Term, termination, and post-termination data-handling commitments.
Section 02
Sub-Processors
We engage the following sub-processors to deliver the Service. The full sub-processor list and change-notification process is included in the DPA.
- Meta WhatsApp Cloud API — message delivery, template review.
- AWS (Mumbai) — compute, storage, networking.
- SmartPing — WhatsApp BSP, credit metering.
- Karix — SMS / WhatsApp BSP routing.
- Gupshup — SMS routing (legacy customers).
We provide 30 days' notice before adding or replacing a sub-processor. Customers have the right to object during that window.
Section 03
Frameworks We Align To
- DPDP Act 2023 (India) — primary applicable framework for QuickAuth's India-resident processing.
- GDPR — Standard Contractual Clauses (SCCs) available on request for EU customers.
- SOC 2 Type II — our annual audit; see the Security page.
Section 04
Customer Rights
Under the DPA, customers retain the right to:
- Request a copy of personal data being processed on their behalf.
- Instruct deletion or correction within reasonable timelines.
- Audit our processing activities (subject to confidentiality and operational constraints).
- Receive breach notifications within 72 hours of confirmed incident classification.
- Receive a return-or-deletion certification at contract termination.
Section 05
Requesting the DPA
Email contact@quickauth.in with your company name and the QuickAuth account it should be tied to. We send the signable DPA (PDF + DocuSign) within one business day.
For EU customers requiring SCCs or specific data-transfer mechanisms, please mention this in the request so we can pre-fill the relevant addenda.
Section 06
Contact
Legal & Compliance
DPA requests: contact@quickauth.in
Privacy questions: contact@quickauth.in
Trust & security: contact@quickauth.in