PARSEABLE DATA PROCESSING ADDENDUM
Last Updated: March 09, 2026
This Data Processing Addendum ("DPA") forms part of the Cloud Services Agreement between Parseable, Inc. ("Parseable") and the customer ("Customer").
This DPA shall also apply to the users of the Parseable Website, as set out in the Terms of Use available at https://parseable.com/tos.
Pursuant to the Cloud Services Agreement between Parseable and Customer ("CSA"), Parseable provides Customer an observability platform enabling telemetry, log, and event ingestion, parsing, indexing, querying, alerting, and retention management ("Parseable Platform"). To provide such services to the Customers, through the Parseable platform, Parseable processes Personal Data on behalf of Customer. This DPA sets out the terms that will apply to the processing of Personal Data by Parseable under the CSA or other commercial terms governing Customer's purchase and usage of the Services.
This DPA is a "data processing addendum" under the GDPR/UK GDPR and a "service provider contract" under the CCPA/CPRA.
1. Definitions
"Personal Data", "Controller", "Processor", "Data Subject", "Processing" and "Supervisory Authority" have the meanings given in GDPR/UK GDPR.
"Data Protection Laws" means all applicable privacy and data protection laws, including GDPR, UK GDPR, the Swiss Federal Data Protection Act and CCPA/CPRA.
"Services" means the Parseable Platform and related products, features, functionality, and support services made available to Customer under the CSA.
"Sub-processor" means any third party engaged by Parseable to process Personal Data on behalf of Customer.
"SCCs/IDTA" means the applicable EU Standard Contractual Clauses and UK International Data Transfer Agreement/Addendum.
"Data Subject Request" means a request by or on behalf of a Data Subject to exercise rights under Data Protection Laws.
"Restricted Transfer" means a transfer of Personal Data from the European Economic Area (EEA), UK, or Switzerland to a country without adequacy under the GDPR, UK GDPR, or Swiss FADP.
2. Roles of the Parties
Customer acts as Controller (or "Business" under the CCPA/CPRA) and Parseable acts solely as Processor (or "Service Provider" under the CCPA/CPRA).
3. Scope of Processing
3.1 The subject matter, duration, nature and purpose of the processing, and categories of Personal Data and Data Subjects are set out in Annex 1.
3.2 Customer's instructions consist of: (i) configurations enabled within the Services, (ii) this DPA, (iii) the CSA, and (iv) written instructions acknowledged by Parseable. Parseable will notify Customer if an instruction appears unlawful.
4. Processor Obligations
Parseable will:
4.1 Process Personal Data only on documented instructions from Customer consisting of: (i) configurations enabled within the Services, (ii) this DPA, (iii) the CSA, and (iv) written instructions acknowledged by Parseable.
4.2 Impose confidentiality obligations on personnel.
4.3 Implement security measures as set out in Annex 2.
4.4 Assist Customer with Data Subject rights requests.
4.5 Assist Customer with security, breach notifications, and data protection impact assessments.
4.6 Delete or return Personal Data when Services end, subject to any data retention required by law.
4.7 Provide information, upon request, to Customer, as reasonably necessary to comply with Data Protection Laws and permit limited audits (annual unless required otherwise).
4.8 Respond to Data Subject Requests only as instructed and not directly unless legally required.
5. Sub-processors
5.1 Customer grants general authorization for Parseable to engage Sub-processors. The list of Sub-processors currently engaged by Parseable can be found in Annex 3. Parseable will provide change notifications to the list at least 14 days in advance, thereby giving the Customer the opportunity to object to such changes.
5.2 Parseable imposes flow-down obligations equivalent to this DPA on its Sub-processors.
5.3 Parseable remains fully liable to the Customer for the performance of the Sub-processor's obligations under its contract with Parseable.
6. International Transfers
6.1 Customer agrees that the Services will involve Restricted Transfers.
6.2 Restricted Transfers shall only occur where appropriate safeguards exist, as required by Data Protection Laws, including entering into appropriate SCCs/IDTA (as set out in Annex 4), which shall be deemed incorporated into this Agreement with respect to such Restricted Transfers.
6.3 In the event of a conflict between this DPA and the SCCs/IDTA, the SCCs/IDTA, as applicable, shall prevail.
7. CPRA (California) Service-Provider Terms
7.1 This Section applies solely to the Processing of Personal Information relating to residents of the State of California, USA, and is intended to satisfy the requirements of the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. ("CCPA"), as amended by the California Privacy Rights Act ("CPRA").
7.2 Terms including "Business," "Service Provider," "Personal Information," "Consumer," "Sell," "Selling," "Share," and "Sharing" have the meanings given to them in the CCPA/CPRA.
7.3 If and to the extent the CCPA applies to Parseable, the parties acknowledge that, with respect to Customer Personal Information, Customer is the Business and Parseable is the Service Provider. "Customer Personal Information" means Personal Information of Customer's Consumers provided or otherwise made available to Parseable under the Agreement.
7.4 Parseable will not Sell or Share Customer Personal Information. Parseable will only Process Customer Personal Information as necessary to perform the Services, or as otherwise permitted under the CCPA.
7.5 Parseable will not retain, use, or disclose Customer Personal Information for any purpose other than the specific Business Purposes set forth in the Agreement; outside the direct business relationship between the parties. Business Purpose has the meaning given in the CPRA and includes provision, maintenance, and improvement of the Services as described in the Agreement.
7.6 Parseable will not combine Customer Personal Information with other Personal Information except to the extent permitted under the CCPA (e.g., for detecting security incidents or improving the quality of the Services).
7.7 Engaged Sub-processors will be bound by CPRA-compliant written contracts that impose obligations equivalent to those set forth in this Section.
7.8 Upon receiving a verifiable request from a Consumer that relates to Customer Personal Information, Parseable will, upon Customer's written instruction, assist the Customer in responding to the request, including by deleting Customer Personal Information and instructing Sub-processors to do the same. Parseable will not respond directly to any Consumer request unless legally required to do so, in which case Parseable will promptly notify Customer unless prohibited by law.
7.9 Customer is responsible for providing any required Consumer notices regarding its disclosure or Sharing of Personal Information with Parseable.
7.10 Parseable will notify Customer if it determines that it can no longer meet its obligations under the CCPA.
8. Customer Obligations
Customer will:
8.1 Ensure that Personal Data is collected and processed lawfully.
8.2 Provide lawful instructions to Parseable for Processing.
8.3 Ensure appropriate notices are provided to, and consents are obtained from, Data Subjects, in accordance with Data Protection Laws.
8.4 Determine retention periods and lawful bases for Processing Personal Data.
8.5 Ensure accuracy of Personal Data.
8.6 Not intentionally submit special category data or children's data without agreement.
9. Security and Incidents
9.1 Parseable maintains security measures described in Annex 2.
9.2 Parseable will notify Customer of Personal Data Breaches without undue delay. Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
10. Limitation of Liability
The limitations of liabilities agreed under the CSA shall apply to this DPA, to the maximum extent permitted by law.
11. Term
This DPA remains effective while Parseable processes Personal Data for Customer.
12. Order of Precedence
This DPA prevails over the CSA for data protection matters; SCCs/IDTA prevail over this DPA if conflicting.
Annex 1 — Description of Processing
A. Subject Matter: Use of Parseable Cloud for log, metrics, traces, event, and telemetry data analytics.
B. Duration: Duration of the CSA plus applicable retention period as per Customer's instructions and as per applicable law.
C. Nature & Purpose: Ingestion, parsing, indexing, storage, retrieval, querying, analysis, alerting, and retention management.
D. Data Subjects: Customer end users, employees, contractors; individuals whose data appears in logs, traces or metrics.
E. Categories of Data: Log metadata, identifiers (IP, user ID), names/emails if included by Customer, usage data; no special categories expected.
F. Instructions: Customer's instructions to Parseable through (i) the configurations and settings Customer enables within the Services (including through the admin console, APIs, and other controls), and (ii) documented instructions or requests provided by Customer (including the CSA, applicable Documentation, this DPA, and written requests such as tickets or emails).
G. Sensitive Data: Not intended for special categories or children's data.
H. Retention: As configured by Customer (including the CSA, applicable Documentation, this DPA, and written requests such as tickets or emails); deletion upon termination.
Annex 2 — Technical & Organizational Security Measures
- Access controls: least privilege, Multi-factor Authorization, role-based permissions.
- Data security: encryption in transit and at rest; network segmentation; secrets management.
- Operational security: monitoring, logging, vulnerability management, incident response.
- Availability & resilience: backups, replication, disaster recovery.
- Personnel security: confidentiality, training.
- Sub-processor oversight: due diligence and contractual flow-down obligations.
Annex 3 — List of Sub-processors
| Sub-processor | Website |
|---|---|
| GitHub | github.com |
| CodeRabbit | coderabbit.com |
| Zoho Books | zoho.com/in/books |
| Attio | attio.com |
| Dub | dub.sh |
| Google Workspace | workspace.google.com |
| Figma | figma.com |
| Anthropic | anthropic.com |
| Tigris Data | tigrisdata.com |
| Google Cloud | cloud.google.com |
| Clerk | clerk.com |
| Slack | slack.com |
| Google Analytics | analytics.google.com |
| Stripe | stripe.com |
| OpenAI | openai.com |
Annex 4 — International Transfer Mechanisms
- EU SCCs (2021 Controller–Processor Module) as published by the European Commission.
- UK Addendum/IDTA for UK transfers.
