Data Processing Agreement

Last updated: 4 June 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between MarkupGo ("MarkupGo", "we", "us", the "Processor") and the customer ("you", the "Controller") and reflects the parties’ agreement with regard to the processing of personal data in connection with the MarkupGo services (the "Services"). It is designed to comply with Article 28 of the EU General Data Protection Regulation ("GDPR") and the UK GDPR.

1. Definitions

Terms such as "personal data", "processing", "data subject", "controller", "processor" and "supervisory authority" have the meanings given to them in the GDPR. "Subprocessor" means any third party engaged by MarkupGo to process personal data on the Controller’s behalf. "Applicable Data Protection Law" means the EU GDPR, the UK GDPR, and any other data protection law applicable to the processing.

2. Roles of the Parties

For the personal data processed under the Services, you act as the Controller and MarkupGo acts as the Processor. Where you are yourself acting as a processor on behalf of a third-party controller, you warrant that you have the necessary authority to instruct MarkupGo as a subprocessor.

3. Scope and Purpose of Processing

MarkupGo processes personal data only to provide the Services, that is, to convert HTML, templates, and related inputs into documents and images (PDF, image, and similar outputs), to store the generated outputs, to operate user accounts, and to provide support. The details of the processing — subject matter, duration, nature and purpose, types of personal data, and categories of data subjects — are set out in Appendix A.

4. Obligations of the Processor

MarkupGo shall:

• process personal data only on documented instructions from the Controller, including with regard to international transfers, unless required to do otherwise by law (in which case MarkupGo will inform the Controller, unless prohibited);
• ensure that persons authorised to process the personal data are bound by an obligation of confidentiality;
• implement appropriate technical and organisational measures as described in Appendix C;
• respect the conditions in Sections 6 and 7 for engaging subprocessors;
• assist the Controller, taking into account the nature of the processing, in responding to requests from data subjects and in ensuring compliance with the Controller’s obligations under Articles 32 to 36 GDPR;
• at the Controller’s choice, delete or return all personal data after the end of the provision of the Services, as set out in Section 10; and
• make available to the Controller the information necessary to demonstrate compliance with Article 28 GDPR.

5. Confidentiality

MarkupGo treats all personal data as confidential. Document inputs (the HTML, URL, Markdown, or template content submitted for rendering) are processed only in memory to produce the requested output and are not persisted to storage. We do not retain, analyse, sell, or manually review document inputs or compiled outputs for any purpose beyond providing the core Service functionality requested by the user. Outputs are not used for advertising or AI model training.

6. Security of Processing

Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, MarkupGo implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as further described in Appendix C.

7. Subprocessors

The Controller provides general authorisation for MarkupGo to engage the subprocessors listed in Appendix B. MarkupGo imposes data protection obligations on each subprocessor that are no less protective than those set out in this DPA and remains liable for the performance of each subprocessor’s obligations.

MarkupGo will inform the Controller of any intended addition or replacement of a subprocessor, giving the Controller the opportunity to object on reasonable data-protection grounds.

8. Data Subject Rights

Taking into account the nature of the processing, MarkupGo assists the Controller by appropriate technical and organisational measures, insofar as this is possible, in fulfilling the Controller’s obligation to respond to requests to exercise data subject rights (access, rectification, erasure, restriction, portability, and objection). If a data subject contacts MarkupGo directly, we will, where lawful, refer the request to the Controller.

9. Personal Data Breach

MarkupGo notifies the Controller without undue delay after becoming aware of a personal data breach affecting the Controller’s personal data, and provides the Controller with information reasonably required to meet the Controller’s obligations to report the breach to a supervisory authority and, where applicable, to data subjects.

10. International Data Transfers

Where the provision of the Services involves the transfer of personal data outside the United Kingdom or the European Economic Area, such transfers are carried out on the basis of an adequacy decision or appropriate safeguards, including the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable). The subprocessors in Appendix B operate under such safeguards.

11. Retention, Deletion and Return of Data

Document inputs. The content submitted for rendering (HTML, URL, Markdown, or template input) is not stored. It is processed in memory to generate the requested output and discarded once rendering completes.

Generated outputs. Only the generated document or image is retained, so that the Controller can retrieve it. The Controller has direct, self-service control over this data and may delete it at any time, without contacting us, through the dashboard or the API — individually or in bulk (including deletion by date range). The Controller may also set an expiration at render time (from 60 seconds up to 90 days), after which the output is automatically and permanently deleted by a scheduled process; deletion removes the file from object storage and purges it from the cache.

Upon termination of the Services, or upon the Controller’s written request, MarkupGo deletes or returns the personal data processed on the Controller’s behalf and deletes existing copies, unless storage is required by law. Account data may be deleted by contacting [email protected]. Error logs and system events that may incidentally contain technical data are automatically purged on a rolling basis and do not include document content.

12. Audit

MarkupGo makes available to the Controller information reasonably necessary to demonstrate compliance with this DPA and allows for and contributes to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller, subject to reasonable notice, confidentiality obligations, and the protection of the security and confidentiality of other customers’ data.

13. Liability and Term

This DPA is effective for as long as MarkupGo processes personal data on the Controller’s behalf. The liability of each party under this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service. In the event of a conflict between this DPA and the Terms of Service regarding the processing of personal data, this DPA prevails.

14. Contact

For any matter relating to this DPA, or to request a countersigned copy, contact us at [email protected].

Appendix A — Details of the Processing

• Subject matter: Conversion of customer-provided HTML, templates, and media into documents and images, and the storage of the resulting outputs. The submitted inputs themselves are not stored.
• Duration: Inputs are retained only for the moment of in-memory rendering. Generated outputs are retained until deleted by the Controller (at any time, via dashboard or API) or until an optional Controller-defined expiration (60 seconds to 90 days), and in any event until deletion in accordance with Section 11.
• Nature and purpose: Document and image generation, storage, account management, billing, and support.
• Categories of data subjects: The Controller’s end users, employees, customers, and any individuals whose personal data is contained in the inputs the Controller submits to the Services.
• Types of personal data: Account data (name, email address), billing data, IP addresses and usage data, and any personal data that the Controller chooses to include within document inputs (e.g. names and addresses on invoices). The Controller controls what content is submitted.
• Special category data: Not requested or required by the Services. The Controller should not submit special category data unless strictly necessary and lawful.

Appendix B — Authorised Subprocessors

Appendix C — Technical and Organisational Measures

• Encryption: Data is encrypted in transit (TLS) and at rest using the encryption provided by our storage and database subprocessors.
• Access control: Access to production systems and personal data is restricted to authorised personnel on a need-to-know basis and protected by authentication controls.
• Authentication: User accounts are protected by hashed credentials and JSON Web Tokens; passwords are never stored in plaintext.
• Network security: Services operate behind Cloudflare’s network with security headers, CORS restrictions, and rate limiting.
• Data minimisation: Document inputs are processed in memory and not stored; only generated outputs are retained, and the Controller can delete them at any time or set them to expire automatically.
• Logging and monitoring: Error logs and system events are recorded for security and debugging, exclude document content, and are automatically purged.
• Content integrity: Automated, non-human NSFW classification is applied solely to enforce content policies and protect platform integrity.
• Resilience: Data is stored on infrastructure providers offering redundancy and high availability.