Legal · DPA

Data Processing Agreement

Effective Date: May 28, 2026Role: Data ProcessorGoverned by: Laws of India
QuickAuth (operated by CodeLamda Technologies Pvt. Ltd.) acts as a data processor on behalf of customer organisations (the data fiduciary / controller). This page summarises the framework; the signable agreement is provided on request to contact@quickauth.in.
Section 01

What the DPA Covers

  • Processing of end-user phone numbers, OTPs, and verification metadata.
  • Cross-border transfer mechanisms where applicable.
  • Customer rights: access, rectification, deletion, portability.
  • Breach notification timelines and incident-response duties.
  • Audit rights and confidentiality obligations.
  • Term, termination, and post-termination data-handling commitments.

Section 02

Sub-Processors

We engage the following sub-processors to deliver the Service. The full sub-processor list and change-notification process is included in the DPA.

  • Meta WhatsApp Cloud API — message delivery, template review.
  • AWS (Mumbai) — compute, storage, networking.
  • SmartPing — WhatsApp BSP, credit metering.
  • Karix — SMS / WhatsApp BSP routing.
  • Gupshup — SMS routing (legacy customers).
We provide 30 days' notice before adding or replacing a sub-processor. Customers have the right to object during that window.

Section 03

Frameworks We Align To

  • DPDP Act 2023 (India) — primary applicable framework for QuickAuth's India-resident processing.
  • GDPR — Standard Contractual Clauses (SCCs) available on request for EU customers.
  • SOC 2 Type II — our annual audit; see the Security page.

Section 04

Customer Rights

Under the DPA, customers retain the right to:

  • Request a copy of personal data being processed on their behalf.
  • Instruct deletion or correction within reasonable timelines.
  • Audit our processing activities (subject to confidentiality and operational constraints).
  • Receive breach notifications within 72 hours of confirmed incident classification.
  • Receive a return-or-deletion certification at contract termination.

Section 05

Requesting the DPA

Email contact@quickauth.in with your company name and the QuickAuth account it should be tied to. We send the signable DPA (PDF + DocuSign) within one business day.

For EU customers requiring SCCs or specific data-transfer mechanisms, please mention this in the request so we can pre-fill the relevant addenda.


Section 06

Contact

Legal & Compliance

DPA requests: contact@quickauth.in
Privacy questions: contact@quickauth.in
Trust & security: contact@quickauth.in