Data Processing Agreement
Last Updated: April 28, 2026
This DPA Addendum forms an integral part of the Terms of Service and applies to the extent that we process Personal Data contained within the payloads and emails you transmit to the Service. It outlines our respective roles and obligations under the GDPR, ensuring that we both comply with applicable data protection laws when using Sinkbox.
By agreeing to the Terms of Service, you (the "Data Controller") and Bedriva Sverige AB (the "Data Processor") enter into this Data Processing Agreement, which forms an integral part of the Terms.
1. Roles and Scope
- You acknowledge that while Sinkbox is intended for non-production test data, you may inadvertently or intentionally route Personal Data through the Service.
- In such cases, you are the Data Controller, and we act as the Data Processor.
- The nature and purpose of processing is solely to provide the Sinkbox Service (capturing, temporarily storing, and displaying HTTP/email payloads).
2. Our Obligations as a Data Processor
We commit to:
- Processing Personal Data only on your documented instructions (which includes providing the Service as described in these Terms).
- Ensuring that persons authorized to process the Personal Data have committed themselves to confidentiality.
- Taking all measures required pursuant to Article 32 of the GDPR (Security of processing), maintaining industry-standard technical and organisational security measures.
- Strict EU Data Boundary: Exclusively hosting, storing, and processing all Personal Data within the European Union (EU/EEA). We guarantee that we will not initiate any data transfers outside the EU/EEA. The only exception to this strict regional boundary is if you, or your authorized users, choose to access the Service dashboard, view payloads, or export data from a physical location outside of the EU/EEA.
- Assisting you, insofar as this is possible, in fulfilling your obligations to respond to requests from Data Subjects exercising their rights under the GDPR.
- Notifying you without undue delay after becoming aware of a Personal Data breach.
3. Data Retention and Deletion
In accordance with our Data Retention Policy, all Customer Data (including any potential Personal Data within it) is automatically and permanently deleted based on your subscription plan. You instruct us to execute this deletion automatically. Once deleted, the data cannot be recovered.
4. Sub-processors
You grant us general authorization to engage sub-processors to assist in providing the Service (such as EU-based cloud infrastructure and email routing providers). We guarantee that all current and future sub-processors process data exclusively within the EU/EEA and are bound by data protection obligations no less protective than those in this DPA. We will inform you of any intended changes concerning the addition or replacement of sub-processors, giving you the opportunity to object to such changes.
Contact Information
If you have any questions, concerns, or requests regarding these Terms, the Data Processing Agreement, or our Privacy Policy, please reach out to us:
- Technical Support: support@sinkbox.dev
- Legal Inquiries & GDPR Requests: legal@sinkbox.dev
- General Inquiries: info@sinkbox.dev
- Accessibility: accessibility@sinkbox.dev
Bedriva Sverige AB
Swedish Organisation Number: 559001-8502
Sweden